VPNs are used to create a secure end-to-end private network connection over a third party network, such as the Internet. A site-to-site VPN uses a VPN gateway device at the edge of both sites. The end hosts are unaware of the VPN and have no additional supporting software.
A remote-access VPN requires software to be installed on the individual host device that accesses the network from a remote location. The two types of remote-access VPNs are SSL and IPsec. SSL technology can provide remote access using a client’s web browser and the browser’s native SSL encryption. Using Cisco AnyConnect software on the client, users can have LAN-like, full network access using SSL.
GRE is a basic, non-secure site-to-site VPN tunneling protocol that can encapsulate a wide variety of protocol packet types inside IP tunnels, thus allowing an organization to deliver other protocols through an IP-based WAN. Today it is primarily used to deliver IP multicast traffic or IPv6 traffic over an IPv4 unicast-only connection.
IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by the PSK or RSA peer authentication method.
The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.