Version 4.1 - 6.6 VPN Solutions
Looking at the contents of the blueprint for section 6, I would think that this would be the subject where I would pull most of the questions for this section. These topics are covered by the SIMOS course in addition to the Advanced Technologies videos on INE.
In my notes, I have the "types" of VPNs a little differently than the subtopics and I'd like to put that here.
## Point-to-point VPN - can be site-to-site or remote access
* Control plane - CP/tunnel negotiation directly between peers. Key mgmt. directly between peers.
* Data plane - DP/protected traffic flows directly between peers and is encapsulated in a new IP header of the VPN endpoints
## Hub and Spoke VPN - a set of point-to-point tunnels with one common head end (can be site-to-site or remote access)
* Control plane - CP/key management/tunnel negotiation directly between each two peers
* Data plane - DP/Protected traffic flows directly between each two peers (pair of endpoints)
## Full Mesh VPN - can only be site-to-site
- A set of point-to-point VPN tunnels (DMVPN)
- A shared VPN (GETVPN)
* Control plane
  - negotiation between two peers
  - negotiation with one specific router (Key Server)
* Data plane
  - DMVPN encapsulates into a new IP header of the VPN endpoints
  - GETVPN preserves the original IP header of the data
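
The data-plane difference above, as an added Python example that is not part of the original notes: it builds the outer IPv4 header both ways and reads back what a device in the transit path sees. The addresses, SPIs and the zero-filled stand-in for the ESP ciphertext are constructed, and DMVPN's GRE layer is left out.

```python
import socket
import struct

ESP = 50  # IP protocol number for ESP

def checksum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def esp_wrap(inner: bytes, spi: int, seq: int) -> bytes:
    """ESP header plus a stand-in for the ciphertext (zeros of equal length).
    Real ESP encrypts `inner` and appends padding and an ICV."""
    return struct.pack("!II", spi, seq) + bytes(len(inner))

def tunnel_new_header(inner, local_ep, remote_ep, spi=0x1001, seq=1):
    """Point-to-point, hub-and-spoke, DMVPN: outer header = VPN endpoints."""
    return ipv4(local_ep, remote_ep, ESP, esp_wrap(inner, spi, seq))

def tunnel_header_preserved(inner, spi=0x2002, seq=1):
    """GETVPN: outer header copies the original source and destination."""
    src, dst = inner[12:16], inner[16:20]
    return ipv4(socket.inet_ntoa(src), socket.inet_ntoa(dst), ESP,
                esp_wrap(inner, spi, seq))

def outer_view(packet: bytes) -> dict:
    """What a device in the transit path can read from the outer header."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9],
            "checksum_ok": checksum(packet[:20]) == 0}

# Constructed sample: host 10.1.1.10 talks to 10.2.2.20 (UDP, 8 dummy bytes).
INNER = ipv4("10.1.1.10", "10.2.2.20", 17, b"\x00" * 8)

if __name__ == "__main__":
    print(outer_view(tunnel_new_header(INNER, "192.0.2.1", "198.51.100.1")))
    print(outer_view(tunnel_header_preserved(INNER)))
```

With header preservation the host addresses stay readable in transit, so the transit network has to be able to route them; with a new outer header only the VPN endpoint addresses are exposed.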
## IKEv1 IPsec VPN Types
* Crypto-map (static and dynamic) IOS & ASA (note: GETVPN on IOS only)
* SVTI (Static VTI) IOS
* DVTI (Dynamic VTI) IOS
* GRE with IPsec (P2P and P2M) IOS - includes DMVPN