Introduction
What is a VPN? I think we have all heard of VPNs and how great they are for security, but what are they?
A VPN provides an encrypted connection between you (your device) and a network. This network could be your job, your corporate office, or your home somewhere on the other side of the world!
Now how could this help you on your network engineering path?
Site-to-Site VPN
This solution provides a static tunnel between two networks, say two offices on opposite sides of the country.
What does this Site-to-Site VPN do?
- Encrypts Traffic
- Checks Integrity
- Allows Access to Secure Resources
In Site-to-Site, you are able to access your corporate network's resources. Put simply, this connection lets your two networks tunnel to each other: even though they are multiple WANs apart, they act as if they are right next to each other. Not only that, but the traffic between them is encrypted from the outside world!
To get all these features, though, you need to configure the Site-to-Site VPN accordingly. For example, you need a GRE tunnel to use as the tunnel interface, and IPsec set up for encryption. The reason is that GRE tunnels do not offer encryption, and IPsec does not have any tunneling capabilities. Together, though, they create a perfect VPN.
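The GRE-plus-IPsec pairing described above, written out as an added Cisco IOS example (not configuration from the original post). The addresses come from documentation ranges, and the names TS-GRE and PROF-GRE, the interface names, and the `<PRE-SHARED-KEY>` placeholder are assumptions.

```cisco
! Constructed example: Site A = 192.0.2.1, Site B = 198.51.100.2
! --- Site A router ---
! IKE phase 1 policy used to negotiate keys with the peer
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! IPsec supplies the encryption (ESP-AES) and integrity check (SHA-256 HMAC)
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PROF-GRE
 set transform-set TS-GRE
!
! GRE supplies the tunnel interface; the profile wraps it in IPsec
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile PROF-GRE
!
! --- Site B router ---
! Same isakmp policy, transform set and profile as Site A, with peers mirrored
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel protection ipsec profile PROF-GRE
!
! Verification from exec mode on either router:
!  show crypto isakmp sa     -> peer listed in QM_IDLE state
!  show crypto ipsec sa      -> encaps/decaps counters rise with tunnel traffic
!  show interfaces Tunnel0   -> line protocol up
```

If the `show crypto ipsec sa` counters stay at zero while pings cross Tunnel0, the traffic is not being protected and the tunnel protection line or the peer's matching settings need checking.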
Dynamic VPN
Now we can move on to Dynamic VPN. So we learned about Site-to-Site, though we did not cover what makes it Site-to-Site.
Site-to-Site is a static solution. Things are not meant to change, and when they do, the change must be manually configured on all the routers. That is where Dynamic VPN is different. A Dynamic VPN like DMVPN uses a Hub and multiple Spokes. This solution allows a single Hub to have a tunnel interface that connects multiple Spokes (networks). The key word here is Dynamic: let's say you add a new office. All you need to do is configure the Spoke with the correct config, and you are now on the VPN network. There is no need to go through all the offices to make this work.
There are many types of Dynamic VPN like:
- DMVPN (Dynamic Multipoint Virtual Private Network)
- FlexVPN
Each of these has different features, like IKEv2 capabilities. FlexVPN can handle IKEv2, while DMVPN cannot. FlexVPN can be configured across different router vendors, while DMVPN only works with Cisco routers.
Disclaimer:
This post is intended for educational purposes only and provides discussion, guidance, and resources related to the Cisco SCOR 350-701 exam blueprint.
It is not affiliated with, endorsed by, or sponsored by Cisco Systems, Inc., and does not contain actual exam questions or answers.
All content in this post is based on publicly available information and the SCOR exam blueprint, with links provided to the official Cisco resources for further reference:
Use this post to learn, understand, and reinforce SCOR concepts. It is not a substitute for official Cisco training or the exam itself.