IP tunneling...

hsnanua2011
Level 1

Dear all,

I have an issue. We have been told by our tutor to find a solution for a scenario, and I have been cracking my head.

I have a Cisco ASA firewall (5505). I normally connect to a remote entity using IPSEC VPN. Now, the scenario is, the client (remote entity) wants to use a public IP VPN tunnel instead of a private IP VPN...

Question:

1. What is the difference between a public IP VPN and a private IP VPN?

2. Can the Cisco ASA 5505 support a public IP VPN?

3. If so, how do we configure it?

4. Are there any other options for this?

Please assist? I was looking at split tunneling and all...

Thanks

19 Replies

Jon Marshall
Hall of Fame

What exactly do you mean by public IP VPN?

There is no difference between public and private IPs other than public IPs are routable on the internet. The Cisco ASA doesn't care whether you are using public or private IPs, i.e. it doesn't treat them differently.

Jon

Agree, Jon, this is the first I hear about this term!

Have a look at these links; they might help you.

http://www.skullbox.net/vpn.php

http://en.wikipedia.org/wiki/Virtual_private_network

ASA AnyConnect

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080972e4f.shtml

Deployment classification

  1. Site to Site VPN
  2. Remote VPN

Classification based on OSI layers

  1. Layer 4/7 VPN - WebVPN
  2. Layer 3 VPN - IPSec, GREoIPSec
  3. Layer 2 VPN - L2TP, PPTP, MPPE

Classification based on trust level

  1. Intranet VPN
  2. Extranet VPN
  3. Remote VPN

Customer point of view classifications

  1. Traditional VPN
     • Frame-relay (L2 VPN)
     • ATM VPN (L2 VPN)
  2. CPE based VPN
     • L2TP and PPTP (Layer 2 VPN)
     • IPSec VPN (Layer 3 VPN)
  3. Provider Provisioned VPN
     • BGP/MPLS (L2/L3 VPN)
  4. Session based VPN
     • SSLVPN/WebVPN (L4/L7 VPN)

https://learningnetwork.cisco.com/message/105810

HTH

If helpful, rate.

Hi Harjit,

Are you talking about the AnyConnect VPN (Easy VPN), where you do not need to have a public IP at the spoke site end?
What are you looking for exactly, and what do you need to achieve? Then we can suggest the possible ways...

Please rate the helpful posts.
Regards,
Naidu.

Actually Jon,

That was the issue. How do I produce a VPN which is re-routable across the IP WAN cloud rather than the non-re-routable VPN?

The main concern is for a VPN that can be re-routed through the WAN. I am limited in my knowledge in that I only know VPNs are non-re-routable, because of the way it is packeted.

I apologise for my English, as I have studied Cisco in France.

Warm regards,

Harjit

No need to apologise, your English is fine, it was just the term I was confused about.

Still not sure what you mean by re-routed, i.e. re-routed from where to where?

And when you talk of IPSEC VPN are you referring to a client VPN setup or a site to site VPN tunnel ?

Also i noticed you have posted this twice in this forum and also on the Ask the Experts LAN Switching. Firstly, please don't do this as it confuses the issue having multiple people working on the same issue. Secondly your question has no relevance to the Ask the Experts session which is on LAN switches.

Finally, it may be better if you moved this thread to the security forums where there is a specific forum for VPNs.

Jon

Good day, colleagues.

I believe the difference between public and private VPN is that in the case of a private VPN you own all the infrastructure end-to-end, while with a public VPN you should use leased lines or channels.

And yes, there is no difference for the ASA which type of VPN you organize. If both ends are reachable you can build a VPN channel.

Sincerely,

GRinch

hsnanua2011
Level 1

Hmmm.. I am clear about that... OK, lastly, just to hammer the nail in the coffin, and a summary of all this.

Based on the diagram attached, would it be possible to create a VPN link using public IP addresses with the VPN router?

I don't think it is possible. If we still want to make a VPN router with a public IP address, where should it be starting from?

Thank you

Actually it's possible to build a VPN in that scenario. You could build an IPSec VPN here over a GRE tunnel and still have your public IPs fully functional. The other question is that a VPN in this scenario makes no sense...

Please correct me if I'm wrong

Sincerely,

GRinch

I could build a VPN starting from the VPN router? But I believe the ProServe routers have to provide the public IP addresses, right? Say, 84.xx.xx.xx..... This is done using the GRE tunnel. Am I right in this?

In summary, I have to build a GRE tunnel from the ProServe routers to my VPN router, through the switch, and from there I get my public IP addresses to build a VPN to the client. Right?

Thank you... and help...

Let's make it clear. I was talking about a VPN between two ProServe routers. If you need a VPN between the VPN router and one of the ProServe routers, you have to resolve the routing issue and NAT (port mapping if you have only one public address). In theory it's possible, but talking about the scenario you provided, it makes no sense. I can't imagine a situation where you need to build a VPN between ProServe and the VPN router, especially over a WAN link =)

I hope it helps.

Sincerely,

GRinch

Hi,

Usually you will do a GRE or IPSec VPN tunnel between end routers in different locations, and those routers must have a public IP with the respective IOS.

Based on the diagram in your post.... do you want a GRE tunnel between ProServe routers, which are in the same location I guess as per the diagram? If that is right then it doesn't make any sense.

As said in my previous post, tell us what you are looking for exactly, and what you need to achieve? Then we/people can suggest the possible ways...

Please rate the helpful posts.
Regards,
Naidu.

Hi Naidu,

OK, in the clearest possible way (I have to get a person with good English to do this for me)....

1. Would it be possible for me to create a VPN from the VPN router to an external network, using a public IP, assuming I do not have access to the ProServe router? Note, the points below the ProServe router are all NAT-ed IPs (which makes them private IPs).

2. If I can't, what other options do I have?

I understand it is easy to create a VPN from the ProServe router directly to the foreign entity, but that would be straightforward. Unfortunately, the requirement is from the VPN router.

I know it becomes complicated, and you must be thinking, why not make a VPN straight from the ProServe router. But I am only given permission to hammer the VPN router. The ProServe one is out of bounds to me, besides minor adjustments.

Help..

It's possible, but you need to use static NAT and provide a separate public address for the VPN router. As you have only one public address, you have to use port mapping.

Sincerely,

GRinch

Hi,

Yes, no problem, you can create a VPN tunnel between two endpoints with your VPN router.
The only thing in your case is that you need to have a static one-to-one NAT for your router to have a public IP. This is because you don't have a static IP configured on your router WAN interface.

Please rate the helpful posts.
Regards,
Naidu.
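To make the two options GRinch and Naidu describe concrete (a spare public address with static one-to-one NAT, or a single public address with port mapping), here is an added Cisco IOS NAT configuration for the ProServe edge router. It is an illustration written for this page, not posted by anyone in the thread and not the real ProServe configuration: the interface names (GigabitEthernet0/0 on the WAN side, GigabitEthernet0/1 towards the VPN router), the inside address 192.168.1.2 for the VPN router and the public address 203.0.113.10 are all constructed placeholders.

```text
! Added example, not from the thread. Assumed topology: the ProServe router
! runs IOS NAT, holds the public address(es) on GigabitEthernet0/0, and the
! VPN router (the ASA 5505 in the original post) sits behind it on the inside
! at 192.168.1.2. All addresses and interface names are constructed.
interface GigabitEthernet0/0
 description WAN towards the Internet
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN towards the VPN router
 ip nat inside
!
! Option A: a second public address is available.
! One-to-one static NAT: IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP proto 50)
! all reach the VPN router untouched, so a plain IPsec tunnel works.
ip nat inside source static 192.168.1.2 203.0.113.10
!
! Option B: only the WAN interface address exists (the case in the thread).
! Port-map IKE and NAT-T to the VPN router. ESP has no ports and cannot be
! mapped this way, so both VPN peers must negotiate NAT-Traversal and carry
! ESP inside UDP 4500.
ip nat inside source static udp 192.168.1.2 500  interface GigabitEthernet0/0 500
ip nat inside source static udp 192.168.1.2 4500 interface GigabitEthernet0/0 4500
!
! Ordinary hosts behind the router keep using dynamic PAT as before.
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
```

Use one option or the other, not both. With Option A every port of the VPN router becomes reachable from the Internet, so restrict the outside interface to UDP 500, UDP 4500 and ESP towards 203.0.113.10 with an access list or inspection policy; Option B only exposes the two UDP ports. In both cases the VPN router sees a private address on its own outside interface, so the remote peer must be configured with the public address the ProServe router presents, and NAT-Traversal has to be enabled on both VPN endpoints (on the ASA this is the `crypto isakmp nat-traversal` command).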