Layer 3 MPLS VPN
Layer 3 MPLS VPN provides a layer 3 service across the backbone.
A different IP subnet connects each site. Since you would typically deploy a routing
protocol over this VPN, you must communicate with the service provider to participate in
the exchange of routes. Neighbor adjacency is established between your router, called the
CE, and the provider router, called the PE. The service provider network has many core
routers called P routers, and it's the P routers' job to provide connectivity between the
PE routers.
If you really want to totally outsource your layer 3 VPN, then this service is for you. Your
service provider will maintain and manage routing for all your sites. From your perspective
as a customer who's outsourced your VPNs, your service provider's network will appear to
be one big virtual switch.

Now you’re interested in VPNs, huh? And since VPNs are inexpensive and secure, I’m
guessing you just can’t wait to find out how to create VPNs now! There’s more than one
way to bring a VPN into being. The first approach uses IPsec to create authentication and
encryption services between endpoints on an IP network. The second way is via tunneling
protocols, which allow you to establish a tunnel between endpoints on a network. And
understand that the tunnel itself is a means for data or protocols to be encapsulated inside
another protocol—pretty clean!

I’m going to go over IPsec in a minute, but first I really want to describe four of the most
common tunneling protocols in use today:

Layer 2 Forwarding (L2F) is a Cisco-proprietary tunneling protocol, and it was Cisco’s
first tunneling protocol created for virtual private dial-up networks (VPDNs). A VPDN
allows a device to use a dial-up connection to create a secure connection to a corporate
network. L2F was later replaced by L2TP, which is backward compatible with L2F.

Point-to-Point Tunneling Protocol (PPTP) was created by Microsoft and others to
allow the secure transfer of data from remote networks to the corporate network.

Layer 2 Tunneling Protocol (L2TP) was created by Cisco and Microsoft to replace
L2F and PPTP. L2TP merged the capabilities of both L2F and PPTP into one tunneling
protocol.

Generic Routing Encapsulation (GRE) is another Cisco-proprietary tunneling protocol.
It forms virtual point-to-point links, allowing for a variety of protocols to be
encapsulated in IP tunnels. I’ll cover GRE in more detail, including how to configure it,
at the end of this chapter.

Now that you’re clear on both exactly what a VPN is and the various types of VPNs
available, it’s time to dive into IPsec.