VPN Technologies

Configure and verify GRE

GRE can encapsulate any Layer 3 protocol; however, it does not provide security.
To address this you can use GRE over an IPsec VPN. Unfortunately IPsec can protect unicast packets only, but a GRE tunnel is able to encapsulate multicast packets, so combining the two solves our problem.



interface Fa0/0
 ip address
interface Tunnel 1
 ip address
 tunnel source Fa0/0
 tunnel destination

interface Fa0/0
 ip address
interface Tunnel 1
 ip address
 tunnel source Fa0/0
 tunnel destination


You can verify the tunnel with traceroute and the show interface Tunnel x command.
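
The GRE over IPsec approach mentioned above could look like this on one of the two routers. This is an added example, not configuration from the original notes: the addresses, the names GRE-TS and GRE-PROTECT and the key placeholder are assumptions, and it assumes an IOS release that supports the SHA-256 options.

```cisco
! Constructed example: R1 side of a GRE-over-IPsec tunnel.
! Addresses come from documentation/private ranges; replace every value.
!
! IKE phase 1 policy, must match on both routers
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Pre-shared key bound to the peer's physical address (the tunnel destination)
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! IPsec phase 2: ESP encryption plus integrity. Transport mode is sufficient
! because GRE already supplies the outer IP header.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.252
!
! Without the "tunnel protection" line this is plain GRE and the
! encapsulated traffic crosses the transport network in cleartext.
interface Tunnel1
 ip address 10.255.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile GRE-PROTECT
!
! R2 mirrors this configuration with the addresses swapped
! (key address 198.51.100.1, tunnel destination 198.51.100.1).
```

In addition to the tunnel checks, show crypto isakmp sa and show crypto ipsec sa confirm that the security associations are up; the encaps and decaps counters in the latter should increase while traffic crosses the tunnel.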

Describe DMVPN (single hub)

Dynamic Multipoint VPN (DMVPN) allows a VPN tunnel to be dynamically created and torn down between two remote sites on an as-needed basis.
DMVPN uses multipoint GRE, which allows a router to support multiple GRE tunnels on a single GRE interface.

DMVPN requires that routers run Next Hop Resolution Protocol (NHRP), which uses a hub-and-spoke model.
All of the spokes are configured with the hub IP address, and when a spoke comes online it informs the hub of its (the spoke's) physical and logical IP addresses so they can build a tunnel.


Verification: show ip nhrp

Describe Easy Virtual Networking (EVN)

Virtual Routing and Forwarding (VRF) allows a single router to run multiple virtual router instances. The traditional approach is called VRF-Lite; the newer one is Cisco Easy Virtual Network (EVN).

EVN uses a Virtual Network (VNET) Trunk to carry traffic for each virtual network, which eliminates the need to manually configure a subinterface for each virtual network on all routers (this was required in VRF-Lite). Traffic flowing over a VNET Trunk is tagged with a VNET tag identifying the virtual network to which the traffic belongs. An EVN router connects to a switch through an 802.1Q trunk, with the different VLANs on the .1Q trunk carrying traffic for the different virtual networks.


In some cases a network in one VRF needs to be reachable from another VRF. Cisco EVN implements this with route replication.

SSL VPN client access

The Cisco AnyConnect VPN Client provides secure SSL connections to the security appliance for remote users. Without a previously installed client, remote users enter in their browser the IP address of an interface configured to accept SSL VPN connections.

After the URL is entered, the browser connects to that interface and displays the login screen. If the user satisfies the login and authentication, and the security appliance identifies the user as requiring the client, it downloads the client that matches the operating system of the remote computer. After downloading, the client installs and configures itself and establishes a secure SSL connection.

