VPN Solution for Network Design with 2000 Sites and Dynamic Public IP Addresses

Best VPN Solution for Network Design with 2000 Sites and Dynamic Public IP Addresses

Prev Question Next Question

Question

You are working on a network design plan for a company with approximately 2000 sites.

The sites will be connected using the public Internet.

You plan to use private IP addressing in the network design, which will be routed without NAT through an encrypted WAN network.

Some sites will be connected to the Internet with dynamic public IP addresses, and these addresses may change occasionally.

Which VPN solution will support these design requirements?

Answers

A. GET VPN must be used, because DMVPN does not scale to 2000 sites.

B. DMVPN must be used, because GET VPN does not scale to 2000 sites.

C. GET VPN must be used, because private IP addresses cannot be transferred with DMVPN through the public Internet.

D. DMVPN must be used, because private IP addresses cannot be transferred with GET VPN through the public Internet.

E. GET VPN must be used, because DMVPN does not support dynamic IP addresses for some sites.

F. DMVPN must be used, because GET VPN does not support dynamic IP addresses for some sites.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

The requirement is to provide a VPN solution that supports private IP addressing and can be routed without NAT through an encrypted WAN network, and can handle dynamic public IP addresses for some sites. Two possible VPN solutions that meet these requirements are GET VPN and DM VPN.

GET VPN (Group Encrypted Transport VPN) is a VPN solution that uses the existing WAN infrastructure and provides end-to-end encryption. It does not require any changes to the underlying network and provides scalability for large networks with multiple sites. GET VPN can support private IP addressing, and the encryption and decryption of the traffic happens on the routers, allowing the original IP header to be preserved. However, GET VPN does not support dynamic IP addresses, which could be a problem for sites that are connected to the Internet with dynamic public IP addresses that change frequently.

DM VPN (Dynamic Multipoint VPN) is another VPN solution that can provide end-to-end encryption and can support private IP addressing. DM VPN is designed to provide scalable and dynamic VPN connectivity between multiple sites using IPsec, GRE, and NHRP protocols. DM VPN is also able to handle dynamic public IP addresses by using NHRP (Next Hop Resolution Protocol) to dynamically learn the public IP address of the remote sites. DM VPN does not require any changes to the underlying network and can be easily deployed in an existing infrastructure.

Based on the above explanation, we can eliminate options A, B, C, and D because they provide incorrect information about the capabilities of GET VPN and DM VPN. Option E suggests that GET VPN must be used because DM VPN does not support dynamic IP addresses for some sites, which is incorrect because DM VPN does support dynamic IP addresses. Option F suggests that DM VPN must be used because GET VPN does not support dynamic IP addresses for some sites, which is also incorrect because GET VPN does not support dynamic IP addresses.

Therefore, the correct answer is none of the above. The correct VPN solution that meets the requirements described in the question would be DM VPN, which can support private IP addressing, end-to-end encryption, and dynamic public IP addresses for some sites.

Prev Question Next Question