  ■ Uses Internet Key Exchange (IKE) for dynamic key exchange.
  ■ Endpoints require IPsec software.
  ■ Choose when multi-vendor interoperability support is required.
■ Cisco Dynamic Multipoint Virtual Private Network (DMVPN)
  ■ Secure encrypted point-to-point generic routing encapsulation (GRE) tunnels
  ■ Provides on-demand spoke-to-spoke connectivity
  ■ Routing, multicast, and quality of service (QoS) support
  ■ When hub and spoke VPN is needed
■ Cisco Easy VPN
  ■ Simplifies hub-and-spoke VPNs.
  ■ QoS support.
  ■ Choose when reducing management of VPNs is the primary goal.
■ Cisco GRE-based VPN
  ■ Enables routing and multicast traffic across an IPsec VPN.
  ■ Non-IP protocol and QoS support.
  ■ Choose when more detailed configuration than DMVPN is required.
■ Cisco GET VPN
  ■ Encryption integration on IP and MPLS WANs.
  ■ Simplifies encryption management using group keying.
  ■ Any-to-any connectivity.
  ■ Support for routing, multicast, and QoS.
  ■ Choose when adding encryption to IP or MPLS WANs while allowing any-to-any connectivity.
Table 12-11 describes key features of VPN security protocols.

Table 12-11 VPN Protocols

VPN Name | VPN Description
Standard IPsec | Use AH and ESP to secure data; requires endpoints have IPsec software
Cisco DMVPN | Secure encrypted point-to-point GRE tunnels; on-demand spoke-to-spoke connectivity
Cisco Easy VPN | Simplifies hub-and-spoke VPNs; need to reduce VPN management