1
00:00:03,779 --> 00:00:06,910
This is a free, complete course for the CCNA.
2
00:00:06,910 --> 00:00:10,759
If you like these videos, please subscribe\n
3
00:00:10,759 --> 00:00:15,458
Also, please like and leave a comment, and\n
4
00:00:18,170 --> 00:00:20,699
In this video we’ll look at WAN architectures.
5
00:00:20,699 --> 00:00:28,050
Specifically, we’ll be covering topic 1.2.d,\n
6
00:00:30,748 --> 00:00:36,619
Both of these exam topics use the term ‘describe’,\n
7
00:00:36,619 --> 00:00:42,469
You just need a basic understanding of some\n
8
00:00:42,469 --> 00:00:46,100
Note that we’ll be looking at WANs from\n
9
00:00:46,100 --> 00:00:51,730
the customer of a service provider, not from\n
10
00:00:51,729 --> 00:00:57,259
To learn more about the service provider perspective,\n
11
00:00:58,429 --> 00:01:01,939
Here’s what we’ll cover in this video.
12
00:01:01,939 --> 00:01:05,849
First I’ll give an introduction to WANs\n
13
00:01:05,849 --> 00:01:11,439
Then I’ll introduce one type of connection\n
14
00:01:11,439 --> 00:01:17,280
Then another WAN technology known as MPLS,\n
15
00:01:17,280 --> 00:01:21,750
us with a kind of VPN, virtual private network.
16
00:01:21,750 --> 00:01:26,489
Then I’ll introduce some options for internet\n
17
00:01:26,489 --> 00:01:31,349
VPNs, which allow us to create virtual private\n
18
00:01:31,349 --> 00:01:37,469
So, we’ll cover a lot of topics, but we\n
19
00:01:37,469 --> 00:01:42,769
To cover just the topic of MPLS in depth,\n
20
00:01:42,769 --> 00:01:46,359
least as long as this entire CCNA course.
21
00:01:46,359 --> 00:01:50,769
For the CCNA exam, all that’s expected is\n
22
00:01:50,769 --> 00:01:53,810
technologies and their purpose.
23
00:01:53,810 --> 00:01:58,120
As always, make sure to watch until the end\n
24
00:01:58,120 --> 00:02:04,430
from Boson Software’s ExSim for CCNA, the\n
25
00:02:04,430 --> 00:02:09,229
Okay let me introduce the concept of WANs first.
26
00:02:09,229 --> 00:02:14,099
As you know already, WAN stands for Wide Area\n
27
00:02:16,449 --> 00:02:21,048
A WAN is a network that extends over a large geographic area.
28
00:02:21,049 --> 00:02:24,620
For example, between cities, between countries, etc.
29
00:02:24,620 --> 00:02:28,739
So, WANs are used to connect geographically separate LANs.
30
00:02:28,739 --> 00:02:34,218
For example, if a company has an office in\n
31
00:02:34,218 --> 00:02:40,299
in London, each of those offices is a LAN,\n
32
00:02:40,299 --> 00:02:44,090
them form a WAN, Wide Area Network.
33
00:02:44,090 --> 00:02:48,968
Although the Internet itself can be considered\n
34
00:02:48,968 --> 00:02:53,789
to an enterprise’s private connections that\n
35
00:02:55,169 --> 00:03:00,639
So, as I said the Internet can be considered\n
36
00:03:02,709 --> 00:03:06,669
Although there is another kind of technology\n
37
00:03:08,750 --> 00:03:14,378
Over public and shared connections like the\n
38
00:03:14,378 --> 00:03:16,578
can be used to create private connections.
39
00:03:16,579 --> 00:03:20,799
I’ll show you a few kinds of VPNs in this video.
40
00:03:20,799 --> 00:03:24,489
Note that there have been many different WAN\n
41
00:03:24,489 --> 00:03:28,560
Depending on the location, some will be available\n
42
00:03:28,560 --> 00:03:32,509
I won’t cover every possible WAN technology in this video.
43
00:03:32,509 --> 00:03:37,938
Also, technologies which are considered legacy\n
44
00:03:39,590 --> 00:03:44,359
Legacy basically means old and no longer used or rarely used.
45
00:03:47,669 --> 00:03:51,808
This enterprise has a central data center and some offices.
46
00:03:51,808 --> 00:03:55,329
For the purpose of this video we’re not\n
47
00:03:55,330 --> 00:04:01,389
of the devices in each LAN, but each of these,\n
48
00:04:04,419 --> 00:04:09,170
Each office is connected to the data center\n
49
00:04:09,169 --> 00:04:12,018
physical connection between two sites.
50
00:04:12,019 --> 00:04:16,310
This is not a shared connection, it’s not\n
51
00:04:16,310 --> 00:04:20,030
connection that the company uses to connect its sites together.
52
00:04:20,029 --> 00:04:24,809
By the way, do you know a word for this kind\n
53
00:04:26,939 --> 00:04:32,589
In the last video I introduced the term star\n
54
00:04:32,589 --> 00:04:35,689
a more common term is hub and spoke.
55
00:04:35,689 --> 00:04:41,100
The central site, the data center, is called\n
56
00:04:43,750 --> 00:04:49,439
One major advantage of a hub-and-spoke topology,\n
57
00:04:49,439 --> 00:04:54,290
it’s easier to centrally control what traffic\n
58
00:04:54,290 --> 00:04:59,520
All traffic between offices can be sent to\n
59
00:04:59,519 --> 00:05:02,899
and it can control which traffic is allowed and which isn’t.
60
00:05:02,899 --> 00:05:06,269
So, remember that term, hub and spoke topology.
61
00:05:06,269 --> 00:05:11,829
Now, I have to say that this diagram is actually\n
62
00:05:14,228 --> 00:05:17,370
This is a better representation of what’s actually going on.
63
00:05:17,370 --> 00:05:22,620
Rather than a single physical cable directly\n
64
00:05:22,620 --> 00:05:26,189
a service provider, which connects the sites together.
65
00:05:26,189 --> 00:05:30,699
I will introduce leased lines soon, but these\n
66
00:05:30,699 --> 00:05:36,250
I briefly introduced serial connections in\n
67
00:05:36,250 --> 00:05:41,800
2 encapsulations like HDLC and PPP, not Ethernet.
68
00:05:41,800 --> 00:05:47,829
However these days WAN connections via Ethernet\n
69
00:05:47,829 --> 00:05:52,990
Optical fiber connections allow much longer\n
70
00:05:52,990 --> 00:05:58,569
cables, so these days WANs using Ethernet\n
71
00:05:58,569 --> 00:06:03,620
Note that the CCNA focuses on the WAN connection\n
72
00:06:05,300 --> 00:06:09,500
So we won’t spend much time talking about\n
73
00:06:09,500 --> 00:06:14,259
provider network, the gray box in this slide\n
74
00:06:14,259 --> 00:06:19,180
If you want to learn more about that, consider\n
75
00:06:20,250 --> 00:06:25,639
Now, the Internet can also be used for an\n
76
00:06:25,639 --> 00:06:29,079
However, the Internet itself is not a private network.
77
00:06:29,079 --> 00:06:34,468
It’s a shared, public network, so sending\n
78
00:06:36,470 --> 00:06:40,320
In this case, note that each site has a physical\n
79
00:06:40,319 --> 00:06:45,699
However, to send traffic between sites the\n
80
00:06:46,699 --> 00:06:52,110
We’ll cover these in greater detail soon,\n
81
00:06:52,110 --> 00:06:55,889
so that the contents can only be read by the\n
82
00:06:55,889 --> 00:07:01,129
Then, the encrypted packet is encapsulated\n
83
00:07:01,129 --> 00:07:06,430
This means that the original packet will remain\n
84
00:07:06,430 --> 00:07:10,110
Okay, so that was a quick introduction to a few WAN options.
85
00:07:10,110 --> 00:07:16,240
Now let’s take a slightly deeper look at\n
86
00:07:16,240 --> 00:07:21,360
A leased line is a dedicated physical link,\n
87
00:07:21,360 --> 00:07:26,660
As I mentioned before, they use serial connections\n
88
00:07:26,660 --> 00:07:29,879
So, these aren’t Ethernet links.
89
00:07:29,879 --> 00:07:35,419
The layer 2 encapsulation is not Ethernet,\n
90
00:07:35,418 --> 00:07:39,589
There are various standards that provide different\n
91
00:07:41,740 --> 00:07:44,710
This chart from Wikipedia shows some of the standards.
92
00:07:44,709 --> 00:07:48,978
Now, there are a lot here and I don’t think\n
93
00:07:48,978 --> 00:07:53,300
Of course, if you want you can make flashcards\n
94
00:07:53,300 --> 00:07:58,288
and their speeds, but I think that will be\n
95
00:08:00,499 --> 00:08:06,639
In North America the standard names begin\n
96
00:08:06,639 --> 00:08:11,199
I will include flashcards for these three\n
97
00:08:11,199 --> 00:08:16,300
one except a few people at Cisco know exactly\n
98
00:08:16,300 --> 00:08:19,978
to you if you want to memorize more or not.
99
00:08:19,978 --> 00:08:26,758
In Europe, as well as other regions, the standards\n
100
00:08:26,759 --> 00:08:30,530
Again, I will include flashcards for these three standards.
101
00:08:30,529 --> 00:08:36,000
Now, as I mentioned before Ethernet WAN technologies\n
102
00:08:39,269 --> 00:08:44,509
It’s because leased lines tend to have a\n
103
00:08:44,509 --> 00:08:48,700
meaning it takes a longer time to actually\n
104
00:08:48,700 --> 00:08:51,680
speeds than Ethernet connections provide.
105
00:08:51,679 --> 00:08:56,969
Okay let’s move on to another WAN option, MPLS.
106
00:08:56,970 --> 00:09:01,120
MPLS stands for Multi Protocol Label Switching.
107
00:09:01,120 --> 00:09:06,370
Similar to the Internet, service providers’\n
108
00:09:06,370 --> 00:09:12,090
many customer enterprises connect to and share\n
109
00:09:12,090 --> 00:09:18,070
However, the label switching in the name of\n
110
00:09:18,070 --> 00:09:23,690
to be created over the MPLS infrastructure\n
111
00:09:23,690 --> 00:09:27,880
These labels are used to separate the traffic\n
112
00:09:27,879 --> 00:09:33,850
the shared infrastructure, and make sure it\n
113
00:09:33,850 --> 00:09:36,950
There are a few basic terms you should know for MPLS.
114
00:09:36,950 --> 00:09:40,450
CE router means Customer Edge router.
115
00:09:40,450 --> 00:09:45,190
This is the customer’s router that is connected\n
116
00:09:47,700 --> 00:09:52,070
Finally there are P routers, these are the\n
117
00:09:52,070 --> 00:09:56,100
edge of the network and don’t connect to customer routers.
118
00:09:56,100 --> 00:09:59,019
This diagram should make it easier to understand.
119
00:09:59,019 --> 00:10:03,370
Notice the CE routers are at the edge of the\n
120
00:10:03,370 --> 00:10:07,370
PE routers, the provider edge routers.
121
00:10:07,370 --> 00:10:11,440
Within the provider network there are also\n
122
00:10:11,440 --> 00:10:16,380
infrastructure of the service provider’s\n
123
00:10:18,389 --> 00:10:24,350
When the PE routers receive frames from the\n
124
00:10:24,350 --> 00:10:29,620
This label is actually placed in between the\n
125
00:10:29,620 --> 00:10:35,200
header, so sometimes MPLS is called a Layer 2.5 protocol.
126
00:10:35,200 --> 00:10:39,580
These labels are then used to make forwarding\n
127
00:10:42,200 --> 00:10:47,290
In regular IP routing the router checks the\n
128
00:10:47,289 --> 00:10:50,459
table to decide where to forward the packet.
129
00:10:52,000 --> 00:10:57,539
MPLS routers use the MPLS label to decide\n
130
00:10:57,539 --> 00:11:04,319
Now, the CE routers do not use MPLS, it is\n
131
00:11:04,320 --> 00:11:09,650
The CE routers do not have to run MPLS or\n
132
00:11:09,649 --> 00:11:15,549
Now, there are a few different kinds of VPNs\n
133
00:11:15,549 --> 00:11:23,179
When using a Layer 3 MPLS VPN, the CE and\n
134
00:11:24,759 --> 00:11:29,659
Now, it doesn’t have to be OSPF, it could\n
135
00:11:29,659 --> 00:11:35,039
Or the customer could just write static routes,\n
136
00:11:35,039 --> 00:11:38,069
But let’s assume a routing protocol is being used.
137
00:11:38,070 --> 00:11:45,640
For example, in the diagram below office A’s\n
138
00:11:45,639 --> 00:11:48,519
CE will peer with the other PE, like this.
139
00:11:48,519 --> 00:11:55,110
Then, office A’s CE will learn about office\n
140
00:11:55,110 --> 00:11:58,690
B’s CE will learn about office A’s routes, too.
141
00:11:58,690 --> 00:12:02,000
So, this is a Layer 3 MPLS VPN.
142
00:12:02,000 --> 00:12:07,929
The CE routers either form dynamic routing\n
143
00:12:07,929 --> 00:12:12,639
they use the PE routers as the next hop of their static routes.
144
00:12:12,639 --> 00:12:19,500
A Layer 2 MPLS VPN can also be used, in which\n
145
00:12:19,500 --> 00:12:25,230
So, the entire service provider network is\n
146
00:12:25,230 --> 00:12:30,420
Although the CE routers will physically connect\n
147
00:12:30,419 --> 00:12:33,189
CE routers are directly connected.
148
00:12:33,190 --> 00:12:36,600
Their WAN interfaces will be in the same subnet.
149
00:12:36,600 --> 00:12:40,930
If a routing protocol is used, the two CE\n
150
00:12:42,779 --> 00:12:47,720
In this case, the service provider network\n
151
00:12:47,720 --> 00:12:51,940
it’s doing so in a way that it’s like\n
152
00:12:51,940 --> 00:12:55,370
a big switch connecting the two CE routers together like this.
153
00:12:55,370 --> 00:13:01,060
The CE routers are physically connected to\n
154
00:13:01,059 --> 00:13:05,429
is operating like a big switch connecting\n
155
00:13:05,429 --> 00:13:12,289
Now, MPLS is a technology that runs in the\n
156
00:13:12,289 --> 00:13:16,699
technologies, many different kinds of connections,\n
157
00:13:16,700 --> 00:13:20,430
provider’s MPLS network for WAN service.
158
00:13:20,429 --> 00:13:25,569
In this case office A and office B are connecting\n
159
00:13:25,570 --> 00:13:31,590
Perhaps office C is connecting to the service\n
160
00:13:31,590 --> 00:13:37,610
Office D might be connecting via CATV, a cable\n
161
00:13:39,309 --> 00:13:44,639
And office E might use a serial connection,\n
162
00:13:46,289 --> 00:13:52,029
So, these sites are connecting to the service\n
163
00:13:52,029 --> 00:13:56,500
and they will all be able to communicate with\n
164
00:14:00,639 --> 00:14:07,449
For the CCNA exam, you should know that MPLS\n
165
00:14:07,450 --> 00:14:12,060
You should know the terms CE router, PE router, and P router.
166
00:14:12,059 --> 00:14:17,969
You should know that Layer 3 MPLS VPNs have\n
167
00:14:17,970 --> 00:14:24,990
using a routing protocol such as OSPF, whereas\n
168
00:14:24,990 --> 00:14:27,409
are all directly connected to each other.
169
00:14:27,409 --> 00:14:32,529
The service provider routers are totally transparent,\n
170
00:14:34,240 --> 00:14:39,289
As I mentioned at the beginning of this video,\n
171
00:14:39,289 --> 00:14:45,000
a huge course to cover in depth, but let’s\n
172
00:14:45,000 --> 00:14:50,659
Before focusing on Internet VPNs, let’s\n
173
00:14:50,659 --> 00:14:54,539
There are countless ways for an enterprise\n
174
00:14:54,539 --> 00:15:00,129
For example, private WAN technologies such\n
175
00:15:00,129 --> 00:15:03,980
to connect to a service provider’s Internet infrastructure.
176
00:15:03,980 --> 00:15:08,810
Although the leased line or MPLS VPN itself\n
177
00:15:08,809 --> 00:15:12,859
means to access the public network that is the Internet.
178
00:15:12,860 --> 00:15:18,509
In addition, technologies such as CATV and\n
179
00:15:18,509 --> 00:15:22,529
for home Internet access, can also be used by an enterprise.
180
00:15:22,529 --> 00:15:28,289
I’m repeating myself, but for both enterprise\n
181
00:15:28,289 --> 00:15:33,250
ethernet connections are growing in popularity\n
182
00:15:34,889 --> 00:15:39,370
But now let’s briefly look at two Internet\n
183
00:15:43,279 --> 00:15:47,480
First let’s look at DSL, which stands for\n
184
00:15:47,480 --> 00:15:52,950
DSL provides internet connectivity to customers\n
185
00:15:52,950 --> 00:15:55,660
line that is already installed in most homes.
186
00:15:55,659 --> 00:16:00,469
So, this is very convenient for both the service\n
187
00:16:00,470 --> 00:16:04,870
Now, there is one extra device here that I\n
188
00:16:04,870 --> 00:16:07,830
except for a brief mention in the previous video.
189
00:16:08,980 --> 00:16:15,000
A modem, which stands for modulator-demodulator,\n
190
00:16:15,000 --> 00:16:18,190
suitable to be sent over the phone lines.
191
00:16:18,190 --> 00:16:22,880
The modem might be a separate device, as in\n
192
00:16:24,690 --> 00:16:29,140
This connects the network to the service provider\n
193
00:16:29,139 --> 00:16:33,230
But there is another common kind of communication\n
194
00:16:38,370 --> 00:16:42,649
Cable Internet is a similar concept to DSL,\n
195
00:16:45,419 --> 00:16:51,539
But it provides Internet access via the same\n
196
00:16:52,539 --> 00:16:59,870
So, just like DSL, it takes advantage of already-installed\n
197
00:16:59,870 --> 00:17:05,400
Like DSL, a cable modem is required to convert\n
198
00:17:07,970 --> 00:17:13,059
And also like a DSL modem, the cable modem\n
199
00:17:14,759 --> 00:17:19,338
Now, for a home user, having one connection\n
200
00:17:19,338 --> 00:17:24,539
It’s a bit annoying if you lose Internet\n
201
00:17:24,539 --> 00:17:28,730
However, for many companies Internet access\n
202
00:17:28,730 --> 00:17:33,500
So, it’s best to have redundant Internet\n
203
00:17:34,779 --> 00:17:40,920
First, if you have 1 connection to 1 ISP,\n
204
00:17:40,920 --> 00:17:44,019
This is like a standard home Internet connection.
205
00:17:44,019 --> 00:17:49,029
For an enterprise, this is not ideal, because\n
206
00:17:49,029 --> 00:17:53,769
If you have 2 connections to that same ISP,\n
207
00:17:53,769 --> 00:17:57,849
This provides some redundancy, but still not ideal.
208
00:17:57,849 --> 00:18:02,589
If you have 1 connection to each of 2 ISPs,\n
209
00:18:02,589 --> 00:18:07,369
This improves the redundancy because if something\n
210
00:18:09,869 --> 00:18:15,239
And finally there is dual multihomed, 2 connections\n
211
00:18:15,240 --> 00:18:17,660
This provides the most redundancy.
212
00:18:17,660 --> 00:18:21,910
Depending on the company, this might not be\n
213
00:18:21,910 --> 00:18:24,820
So, make sure you know these four terms.
214
00:18:24,819 --> 00:18:28,960
Single homed, dual homed, multihomed, and dual multihomed.
215
00:18:28,960 --> 00:18:32,049
Okay, that’s enough about Internet access for now.
216
00:18:32,049 --> 00:18:37,710
Let’s move on to the final topic, Internet VPNs.
217
00:18:37,710 --> 00:18:43,390
Private WAN services such as leased lines\n
218
00:18:43,390 --> 00:18:49,240
traffic is separated by using dedicated physical\n
219
00:18:49,240 --> 00:18:51,240
tags that separate the traffic.
220
00:18:51,240 --> 00:18:56,769
However, when using the Internet as a WAN\n
221
00:18:58,440 --> 00:19:04,840
So, to provide secure communications over\n
222
00:19:06,660 --> 00:19:10,350
We will cover two kinds of Internet VPNs.
223
00:19:10,349 --> 00:19:18,029
First, site-to-site VPNs using IPsec, and\n
224
00:19:18,029 --> 00:19:23,319
So let’s get right into the first one, site-to-site\n
225
00:19:23,319 --> 00:19:28,990
A site-to-site VPN is a VPN between two devices\n
226
00:19:31,109 --> 00:19:36,179
In the diagram below office A and office B\n
227
00:19:36,180 --> 00:19:41,460
will use a site-to-site VPN between them so\n
228
00:19:43,910 --> 00:19:49,650
In a site-to-site VPN, a VPN tunnel is created\n
229
00:19:49,650 --> 00:19:55,060
original IP packet with a VPN header and a new IP header.
230
00:19:55,059 --> 00:20:01,069
When using IPsec, the original packet is encrypted\n
231
00:20:01,069 --> 00:20:03,490
This is what makes IPsec secure.
232
00:20:03,490 --> 00:20:09,230
So, the router will take the original packet,\n
233
00:20:09,230 --> 00:20:15,069
an IPsec VPN header and a new IP header, and\n
234
00:20:15,069 --> 00:20:18,019
Let me demonstrate that process in the diagram.
235
00:20:18,019 --> 00:20:21,789
We have configured an IPsec tunnel between these two routers.
236
00:20:21,789 --> 00:20:27,430
The PC at office A wants to send traffic to\n
237
00:20:27,430 --> 00:20:31,259
unencrypted data to its default gateway, the router.
238
00:20:31,259 --> 00:20:36,769
The router encrypts the data, and adds a VPN\n
239
00:20:36,769 --> 00:20:40,910
Then the encrypted data in the new packet\n
240
00:20:42,599 --> 00:20:47,250
The receiving router decrypts the data, and\n
241
00:20:47,250 --> 00:20:51,779
That’s a very basic overview of how IPsec VPNs work.
242
00:20:54,730 --> 00:20:59,740
When the router receives a packet that is\n
243
00:20:59,740 --> 00:21:06,609
packet and a session key, also called an encryption\n
244
00:21:06,609 --> 00:21:11,699
Then the sending device, the router, encapsulates\n
245
00:21:13,250 --> 00:21:17,710
The new packet is then sent to the device\n
246
00:21:19,210 --> 00:21:23,720
This device then decrypts the data to get\n
247
00:21:25,630 --> 00:21:30,040
Of course, this is an oversimplification of\n
248
00:21:31,490 --> 00:21:37,920
Now, note that in a site-to-site VPN a tunnel\n
249
00:21:37,920 --> 00:21:41,480
for example the two routers connected to the Internet.
250
00:21:41,480 --> 00:21:46,269
All other devices in each site don’t need\n
251
00:21:46,269 --> 00:21:50,650
They can send unencrypted data to their site’s\n
252
00:21:50,650 --> 00:21:53,600
it in the tunnel as described above.
253
00:21:53,599 --> 00:21:59,569
The next type of VPN we will look at, remote\n
254
00:21:59,569 --> 00:22:04,000
Before looking at remote-access VPNs, I want\n
255
00:22:05,170 --> 00:22:11,269
First, IPsec doesn’t support broadcast and\n
256
00:22:11,269 --> 00:22:15,589
This means that routing protocols such as\n
257
00:22:15,589 --> 00:22:18,919
routing protocols rely on multicast traffic.
258
00:22:18,920 --> 00:22:23,560
We can solve this with GRE over IPsec, which we’ll look at next.
259
00:22:23,559 --> 00:22:27,599
Another potential problem for large networks\n
260
00:22:27,599 --> 00:22:30,899
between many sites is a labor-intensive task.
261
00:22:30,900 --> 00:22:35,610
It takes a lot of time and careful planning\n
262
00:22:35,609 --> 00:22:38,209
This problem can be solved with Cisco’s DMVPN.
263
00:22:38,210 --> 00:22:41,680
Let’s briefly look at each of the above solutions.
264
00:22:45,480 --> 00:22:51,681
GRE, which stands for Generic Routing Encapsulation,\n
265
00:22:51,681 --> 00:22:55,600
encrypt the original packet, so it is not secure.
266
00:22:55,599 --> 00:23:00,750
However it has the advantage of being able\n
267
00:23:00,750 --> 00:23:03,630
as well as broadcast and multicast messages.
268
00:23:03,630 --> 00:23:11,870
So, to get the flexibility of GRE with the\n
269
00:23:11,869 --> 00:23:17,139
The original packet will be encapsulated by\n
270
00:23:17,140 --> 00:23:23,050
the GRE packet will be encrypted and encapsulated\n
271
00:23:23,049 --> 00:23:25,859
So, here’s the original IP packet.
272
00:23:25,859 --> 00:23:30,149
A GRE header and new IP header are added to it.
273
00:23:30,150 --> 00:23:35,420
Then this new packet is encrypted, and an\n
274
00:23:35,420 --> 00:23:37,580
We have combined GRE with IPsec.
275
00:23:37,579 --> 00:23:41,409
That’s all I’ll say about GRE over IPsec for now.
276
00:23:41,410 --> 00:23:43,910
You don’t need to know more than this for the CCNA.
277
00:23:43,910 --> 00:23:50,500
Now, regarding the problem of configuring\n
278
00:23:50,500 --> 00:23:56,929
DMVPN, which stands for Dynamic Multipoint\n
279
00:23:56,929 --> 00:24:01,650
routers to dynamically create a full mesh\n
280
00:24:01,650 --> 00:24:04,059
configure every single tunnel.
281
00:24:04,058 --> 00:24:08,799
This is a major oversimplification, but let\n
282
00:24:08,799 --> 00:24:12,960
First, you configure IPsec tunnels to a hub site.
283
00:24:12,960 --> 00:24:17,470
Notice that the router at the top is the hub,\n
284
00:24:17,470 --> 00:24:20,880
to that hub router, but not to the other spoke routers.
285
00:24:22,599 --> 00:24:27,730
Then, the hub router gives each router information\n
286
00:24:28,859 --> 00:24:34,169
So, we only configured hub-and-spoke tunnels,\n
287
00:24:34,170 --> 00:24:36,650
of IPsec tunnels on their own.
288
00:24:36,650 --> 00:24:42,540
To summarize, DMVPN provides the configuration\n
289
00:24:42,539 --> 00:24:48,428
router only needs one tunnel to be configured,\n
290
00:24:48,429 --> 00:24:53,820
because spoke routers can communicate directly\n
291
00:24:53,819 --> 00:24:58,230
Some companies might want all traffic to flow\n
292
00:24:58,230 --> 00:25:02,950
can control the traffic, but other companies\n
293
00:25:02,950 --> 00:25:05,980
communication that a full mesh provides.
294
00:25:05,980 --> 00:25:12,808
Now let’s move on to the other major type\n
295
00:25:12,808 --> 00:25:16,829
Whereas site-to-site VPNs are used to make\n
296
00:25:16,829 --> 00:25:23,109
over the Internet, remote VPNs are used to\n
297
00:25:23,109 --> 00:25:27,449
to access the company’s internal resources\n
298
00:25:27,450 --> 00:25:33,720
Remote-access VPNs typically use TLS, transport\n
299
00:25:33,720 --> 00:25:36,950
VPNs which typically use IPsec.
300
00:25:36,950 --> 00:25:40,529
TLS is also what provides security for HTTPS, HTTP secure.
301
00:25:40,529 --> 00:25:47,690
It was formerly known as SSL, Secure Sockets\n
302
00:25:47,690 --> 00:25:51,480
renamed to TLS when it was standardized by the IETF.
303
00:25:51,480 --> 00:25:59,240
VPN client software, for example Cisco AnyConnect,\n
304
00:25:59,240 --> 00:26:03,150
laptops that employees use to work from home.
305
00:26:03,150 --> 00:26:07,370
If you work for a company from home, your\n
306
00:26:09,859 --> 00:26:14,229
These end devices then form secure tunnels\n
307
00:26:16,990 --> 00:26:21,720
This allows the end users to securely access\n
308
00:26:21,720 --> 00:26:25,250
without being directly connected to the company network.
309
00:26:25,250 --> 00:26:28,789
Here’s a diagram to help you visualize it.
310
00:26:28,789 --> 00:26:33,389
The end devices on the left want to access\n
311
00:26:35,470 --> 00:26:39,799
They all have Cisco AnyConnect installed,\n
312
00:26:41,099 --> 00:26:46,819
So, the devices each form a TLS VPN tunnel\n
313
00:26:46,819 --> 00:26:51,859
securely communicate with the company’s\n
314
00:26:51,859 --> 00:26:58,230
Note that, just like IPsec, TLS involves encrypting\n
315
00:26:58,230 --> 00:27:00,990
for the sake of time we’ll skip over those details.
316
00:27:00,990 --> 00:27:07,470
So, finally let’s briefly compare site-to-site\n
317
00:27:07,470 --> 00:27:13,769
Site-to-site VPNs typically use IPsec, and\n
318
00:27:13,769 --> 00:27:18,109
Both of them are protocols that you don’t\n
319
00:27:18,109 --> 00:27:24,019
but you should definitely know their names\n
320
00:27:24,019 --> 00:27:28,619
Site-to-site VPNs provide service to many\n
321
00:27:28,619 --> 00:27:33,759
One IPsec tunnel between two routers or firewalls\n
322
00:27:33,759 --> 00:27:36,000
the sites they are connecting.
323
00:27:36,000 --> 00:27:41,160
On the other hand, remote-access VPNs provide\n
324
00:27:43,349 --> 00:27:49,089
Instead of connecting two sites together,\n
325
00:27:49,089 --> 00:27:54,699
Site-to-site VPNs are typically used to permanently\n
326
00:27:54,700 --> 00:27:59,850
And remote-access VPNs are typically used\n
327
00:27:59,849 --> 00:28:04,259
that want to securely access company resources\n
328
00:28:06,130 --> 00:28:11,059
These two types of VPNs are specifically mentioned\n
329
00:28:11,058 --> 00:28:13,250
know the differences between them.
330
00:28:13,250 --> 00:28:18,640
Okay, before moving on to the quiz let’s review what we covered.
331
00:28:18,640 --> 00:28:23,340
This video was just a shallow look at various\n
332
00:28:23,339 --> 00:28:27,959
Each topic in this video is very important\n
333
00:28:27,960 --> 00:28:32,319
you’re just starting your journey you don’t\n
334
00:28:32,319 --> 00:28:35,609
and the CCNA exam doesn’t expect you to know them all.
335
00:28:38,480 --> 00:28:44,740
Wide Area Networks are used to connect geographically\n
336
00:28:44,740 --> 00:28:50,029
For example, to connect two offices together\n
337
00:28:50,029 --> 00:28:53,369
Then, we looked at leased lines.
338
00:28:53,369 --> 00:28:57,599
Leased lines are dedicated physical connections\n
339
00:28:59,559 --> 00:29:03,559
For many reasons they are being replaced by\n
340
00:29:08,130 --> 00:29:14,690
MPLS allows enterprises to form WANs over\n
341
00:29:14,690 --> 00:29:19,100
Although the traffic of many different customers\n
342
00:29:19,099 --> 00:29:25,579
the label-switching aspect of MPLS allows\n
343
00:29:25,579 --> 00:29:30,500
If you want to really learn how MPLS works,\n
344
00:29:32,500 --> 00:29:38,940
Then we looked at a few ways to connect to\n
345
00:29:38,940 --> 00:29:45,880
And finally Internet VPNs, specifically site-to-site\n
346
00:29:47,609 --> 00:29:51,889
These provide secure connectivity over the\n
347
00:29:54,460 --> 00:29:58,960
Make sure to watch until the end of the quiz\n
348
00:29:58,960 --> 00:30:02,930
ExSim for CCNA, the best practice exams for the CCNA.
349
00:30:02,930 --> 00:30:08,170
Okay, let’s go to quiz question 1.
350
00:30:08,170 --> 00:30:14,029
Which of the following leased line standards\n
351
00:30:14,029 --> 00:30:20,609
Pause the video now to select the correct answer.
352
00:30:22,539 --> 00:30:24,839
Here’s that Wikipedia chart again.
353
00:30:24,839 --> 00:30:29,209
I doubt that you’ll have to memorize all\n
354
00:30:29,210 --> 00:30:30,860
hurt to be familiar with them.
355
00:30:30,859 --> 00:30:33,639
Okay, let’s go to quiz question 2.
356
00:30:33,640 --> 00:30:39,800
Jeremy’s IT Lab Professional IT Training\n
357
00:30:41,759 --> 00:30:44,720
Which of the following routers does NOT run MPLS?
358
00:30:44,720 --> 00:30:50,710
Pause the video to select the correct answer.
359
00:30:53,269 --> 00:31:00,609
In MPLS, PE, provider edge, and P, provider\n
360
00:31:02,940 --> 00:31:07,890
However, there is no need for the CE, customer\n
361
00:31:13,210 --> 00:31:18,720
Which of the following MPLS VPN types allows\n
362
00:31:20,130 --> 00:31:24,490
Pause the video to select the best answer.
363
00:31:24,490 --> 00:31:31,190
Okay, the answer is A, Layer 2 MPLS VPN.
364
00:31:31,190 --> 00:31:35,940
Although MPLS is sometimes called a Layer\n
365
00:31:35,940 --> 00:31:42,820
between the Layer 2 and Layer 3 headers, there\n
366
00:31:42,819 --> 00:31:49,048
And in Layer 3 MPLS VPNs, the OSPF peerings\n
367
00:31:51,150 --> 00:31:57,350
In a Layer 2 MPLS VPN, the entire service\n
368
00:31:57,349 --> 00:32:02,109
and it is as if the service provider network\n
369
00:32:07,690 --> 00:32:12,558
Which of the following Internet access technologies\n
370
00:32:13,558 --> 00:32:17,480
Pause the video to select the best answer.
371
00:32:22,679 --> 00:32:27,250
Digital Subscriber Line provides connectivity\n
372
00:32:27,250 --> 00:32:32,339
over phone lines, which are typically already\n
373
00:32:32,339 --> 00:32:37,209
As a bonus, it allows users to access the\n
374
00:32:37,210 --> 00:32:41,779
which was not allowed in previous technologies\n
375
00:32:45,740 --> 00:32:49,950
Which of the following protocols can be used\n
376
00:32:49,950 --> 00:32:54,539
flexibility by allowing multicast traffic\n
377
00:32:54,539 --> 00:32:58,849
Pause the video now to select the best answer.
378
00:33:03,750 --> 00:33:09,099
Generic Routing Encapsulation is more flexible\n
379
00:33:09,099 --> 00:33:12,719
well as broadcast packets to be encapsulated\n
380
00:33:12,720 --> 00:33:17,929
However, GRE isn’t secure because it doesn’t\n
381
00:33:17,929 --> 00:33:23,900
So, the GRE packet can be encrypted and then\n
382
00:33:26,009 --> 00:33:28,089
Okay, that’s all for the quiz.
383
00:33:28,089 --> 00:33:47,418
Now let’s take a look at a bonus question\n