There are two basic types of VPNs:

  • Site-to-Site VPNs
  • Remote Access VPNs

Site-to-Site VPNs

A site-to-site VPN connects an entire network to another network. For example, they can connect a branch office network to the network at company headquarters, a VPN scenario also presented in Figure 13-1 earlier in this chapter. In the past, a private leased line or Frame Relay connection was required to connect sites. However, with easily available and cost-effective high-bandwidth Internet connections today, site-to-site VPNs can replace leased lines and Frame Relay.

Site-to-site VPNs are sometimes further classifed as intranet and extranet VPNs. If a remote site of a company connects to the corporate headquarters of the same company, it is called an intranet VPN. When a company connects to a supplier, it is called an extranet VPN. From a technical standpoint these two types are the same though the distinction is important for your CCNA exam.

In site-to-site VPNs, a VPN gateway is installed at each site that performs encryption, decryption, and other services on behalf of all hosts on the local network. There is a variety of devices that can be configured to act as a VPN gateway such as a router, firewall, VPN concentrator, or another security appliance by Cisco or another manufacturer. The VPN gateway is responsible for encrypting and encapsulating the aggregate of all traffic going out from hosts on the local network and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. When the peer VPN gateway receives the traffic, it decapsulates and decrypts the content and forwards the packet toward the target host on its local inside private network. 

Remote Access VPNs

Remote access VPNs are analogous to circuit switched technologies such as dial-up connections and Integrated Services Digital Network (ISDN). Remote access VPNs fulfill the needs of mobile users and telecommuters working from home. Remote access VPNs connect individual hosts, rather than whole networks in the case of site-to-site VPNs, who must access their company network securely over the public Internet.

In a remote access VPN, the VPN client software is installed on each host. Whenever, the host has traffic to send, the VPN client software encapsulates and encrypts that traffic before sending it out the Internet to the VPN gateway at the entrance of the target network. The VPN gateway at the target network treats this traffic the same way as it does for site-to-site VPNs.

Key Concept : VPNs are classified as site-to-site VPNs that connect all the computers at two sites and remote access VPNs that connect individual users to a company network over the Internet. Site-to-site VPNs can be either intranet or extranet VPNs depending on if the two sites belong to the same or different partnering organizations respectively.