
Virtual Private Network (VPN) | Types of VPN | Enterprise & ISP VPN | Network Security | IPsec VPN & GRE

VPN Types, Site to site VPN, Remote VPN

Summary Insights:
  • Virtual Private Network (VPN): a detailed explanation of what a VPN is and why it is needed
  • Types of VPN: site-to-site, remote access and cloud VPN; IPsec

Interview Questions:

  • What is a Virtual Private Network (VPN)?
  • What are the types of VPN?
  • What is the difference between IPsec and MPLS VPNs?
  • GRE vs IPsec VPN?
  • What is a site-to-site VPN?
  • What is a Remote Access VPN?

In this discussion, I will elaborate on the following points about VPN:

  • Why VPN? What is VPN?
  • Types of VPN from a general perspective
  • VPN types in Enterprise & ISP/Backbone/IP Core networks
  • IPsec VPN vs GRE
  • Labs on multi-vendor firewalls

Why VPN?

If two networks are far away from each other and cannot be connected directly through a leased line because of the high cost, they are connected over the public Internet, which is not secure. For security between the two sites, a Virtual Private Network (VPN) is then required.

What is VPN:

A VPN provides a secure virtual connection between two or more sites, organizations or hosts through a public network, so that they can communicate as if they were connected on the same LAN. That is why it is called a Virtual Private Network rather than a real private LAN.

If multiple VPNs are configured alongside other traffic, the VPN also achieves isolation of traffic between them.

VPN Types:

In IT & Telecom, there are two main types of network: one is Enterprise, and the second is ISP/Service provider/operator, also called Backbone/IP Core/IP Transport (these are all the same terminology).

In terms of the above networks, below are the Virtual Private Network (VPN) types.

Types of VPN , Enterprise VPN,ISP VPN ,Virtual private Network (VPN)

From the perspective of usage/functionality and end-point/user connectivity, VPN is divided into three types.

All VPNs are used for a secure connection, but the choice depends on the actual requirement of the traffic flow.

  • Site-to-Site VPN
  • Remote Access VPN
  • Cloud VPN

VPN Types, Site to Site VPN & Remote VPN

Site-to-Site VPN:

Connectivity between two fixed LAN networks, which can be Spoke-Hub or Spoke-Spoke.

Multiple subnets are not allowed to connect, meaning each site-to-site VPN provides connectivity between only two subnets/networks.

Remote Access VPN:

Connectivity between a mobile/non-fixed user and a remote site. In this scenario, the endpoint user establishes a connection with a firewall/server through VPN client software such as Cisco AnyConnect, Palo Alto GlobalProtect, or Fortinet FortiClient, and then accesses the internal network.

  • Connectivity to multiple subnets is allowed.
  • Client installation is required on the end-user laptop/mobile.

Cloud VPN:

Cloud VPN is used between an on-premises network and a public cloud such as AWS, GCP, Azure, Alibaba etc., and for public-cloud-to-public-cloud connectivity.

For tunnel creation in the above VPN types, IPsec & GRE are used; IPsec itself consists of multiple protocols.

In the next section, I will explain IPsec & GRE in detail, along with lab implementations of different scenarios. If you also want to read about all VPN types in Enterprise & MPLS networks, please write comments & share your experience.

IPsec:

As its name suggests, IPsec = IP + Security: it provides security to IP traffic carried from one side to the other.

  • IPsec provides confidentiality, integrity, authentication & anti-replay protection; in other words, encryption, protection & access control.
  • To get the above features, IPsec uses multiple protocols: Internet Key Exchange (IKE), Authentication Header (AH) & Encapsulating Security Payload (ESP).
  • Internet Key Exchange (IKE) is used for the initial negotiation of parameters & key management.
  • Authentication Header (AH) provides data authentication & integrity.
  • Encapsulating Security Payload (ESP) is used for confidentiality (encryption), authentication & integrity.

Each of these protocols adds its own header to the original data & IP header, as shown below.

AH:

IPSec authentication header

ESP:

IPSec ESP header

The above three, IKE, AH & ESP, further contain sub-protocols and algorithms for different functionality, as mentioned below:

  • IKE consists of ISAKMP (Internet Security Association and Key Management Protocol)
  • AH includes SHA1 & HMAC etc.
  • ESP includes AES, 3DES
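As an added example (not code from the original post), here is a small Python dissector for the AH and ESP headers described above, together with the sliding anti-replay window that gives IPsec its anti-replay protection; the packets, SPIs, sequence numbers and ICV bytes are constructed for illustration.

```python
import struct
IP_PROTO_ESP, IP_PROTO_AH = 50, 51  # IANA protocol numbers in the IPv4 header

def build_ipv4(proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return hdr + payload

def parse_ah(payload):
    """RFC 4302 AH: next hdr, length (32-bit words - 2), reserved, SPI, seq, ICV."""
    next_hdr, payload_len, _res, spi, seq = struct.unpack("!BBHII", payload[:12])
    ah_len = (payload_len + 2) * 4  # 12 fixed bytes + ICV (12 for HMAC-SHA1-96)
    return {"next_header": next_hdr, "spi": spi, "seq": seq,
            "icv": payload[12:ah_len], "inner": payload[ah_len:]}

def parse_esp(payload):
    """RFC 4303 ESP: only SPI and seq are in the clear; the rest is encrypted."""
    spi, seq = struct.unpack("!II", payload[:8])
    return {"spi": spi, "seq": seq, "encrypted": payload[8:]}

def dissect(pkt):
    """Pick the IPsec parser from the IPv4 protocol field (byte 9)."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, payload = pkt[9], pkt[ihl:]
    if proto == IP_PROTO_AH:
        return "AH", parse_ah(payload)
    if proto == IP_PROTO_ESP:
        return "ESP", parse_esp(payload)
    return "other", {}

class ReplayWindow:
    """Sliding anti-replay window (RFC 4303 3.4.3); bitmap bit 0 = highest seq seen."""
    def __init__(self, width=64):
        self.width, self.highest, self.bitmap = width, 0, 0
    def accept(self, seq):
        """True if seq is new and inside the window, False if it is a replay."""
        if seq == 0:
            return False
        if seq > self.highest:  # newer than anything seen: slide the window
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.width) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.width or self.bitmap & (1 << diff):
            return False  # too old, or already received
        self.bitmap |= 1 << diff
        return True

# Constructed sample packets (SPI, seq and ICV bytes are made up for illustration)
SAMPLE_AH = build_ipv4(IP_PROTO_AH, struct.pack("!BBHII", 4, 4, 0, 0x1234, 7)
                       + b"\x11" * 12 + b"inner-ip-packet")
SAMPLE_ESP = build_ipv4(IP_PROTO_ESP, struct.pack("!II", 0xABCD, 1) + b"\xee" * 16)
```

Note that a capture of ESP traffic shows only the SPI and sequence number, while AH leaves the whole inner packet visible; this is why ESP is what provides confidentiality.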

IPsec works in two phases.

Phase-1: In this phase, the initial negotiation for secure tunnel creation takes place. IKE does its work here. This phase is for building and securing the channel.

Phase-2: In this phase, the different policies for data encryption, authentication & protection etc. are verified. AH & ESP work here, and this phase is for the security of the actual data.

During configuration, you may be confused that authentication, encryption, and hashing are used in both phases, but they actually serve different purposes, as below:

In both phases authentication, encryption & hashing algorithms are used, but in Phase-1 they protect the tunnel & in Phase-2 they protect the data.

In our next posts, we will focus on covering basic to advanced labs on each topic and share experiences from practical projects we have already completed.

Learn Cisco IPsec site-to-site VPN configuration with an example here.

You can also learn Fortinet Firewall HA and H3C Firewall high availability implementation.

Keep Learning, Keep Reading, and Keep Growing. IT & IP is the future.
