VPN Topologies
- Hub and spoke
- Individual Point to Point
- Fully Meshed
In addition there are partial mesh, tiered hub and spoke, and joined hub and spoke.
Cisco VPN Technologies for deployments
- Standards-based point-to-point (P2P) VPN.
- DMVPN. For Cisco IOS, for building hub-and-spoke or spoke-to-spoke mesh networks. Simplified configuration using NHRP and automatic IPsec initiation.
  - Rather than needing crypto ACLs to match traffic, GRE can be used in multipoint mode (mGRE) to manage all spoke routers and run routing protocols across the tunnel to advertise networks.
  - Automatic IPsec initiation using NHRP to configure and resolve peer addresses.
  - Spoke routers can have dynamic IP addresses.
- FlexVPN. A Cisco implementation of IKEv2. A solution to simplify all types of common VPN situations: remote, site-to-site, teleworkers, mobility, managed services.
  - Uses a VTI interface. Backwards compatible with legacy crypto map VPN.
- GET VPN. Large-scale any-to-any communications using Group Domain of Interpretation (GDOI) with IPsec. Secures IP unicast and multicast traffic. Good for use over a private WAN such as MPLS. Is considered tunnel-less.
  - GET stands for Group Encrypted Transport.
  - Single SA group. Allows peer-to-peer communications.
  - Centralized certificate server.
  - Ideal for private WAN.