Explanation/Reference:
Section: Enterprise Network Design
Explanation:
Virtual private networks (VPNs) typically have a lower cost to implement than traditional WANs, send encrypted traffic, and provide for easy network expansion. VPNs send traffic through a tunnel over the Internet, which is a public WAN, not over dedicated lines. Therefore, you might choose a point-to-point WAN that uses dedicated leased lines instead of a VPN solution if you wanted to prevent traffic from being tunneled through a public network. A VPN securely connects remote offices or users to a central network by tunneling encrypted traffic through the Internet. By implementing a VPN solution rather than a point-to-point WAN between branch offices, a company can benefit from all of the following:
Cost savings - There is no need to lease lines from a telecommunications service provider in order to construct a WAN if you implement a VPN over an existing Internet connection. Therefore, the cost of implementing a VPN is less than that of implementing a traditional leased-line WAN. However, a VPN solution does require Internet access for each individual site or mobile user that is to connect to the VPN. Regular service fees from an Internet service provider (ISP) should be factored into any VPN proposal.
Encrypted traffic - Unlike leased-line WANs, VPNs provide encryption for transmitted data and therefore do not transmit packets as clear text. VPNs can use a variety of encryption methods within the IP Security (IPSec) protocol framework to secure traffic between an organization and its remote locations or users. Alternatively, some VPN installations encrypt data by using Secure Sockets Layer (SSL), which is the encryption standard used by many online retailers, banks, and other Internet-based businesses.
Easy network expansion - VPN access typically requires only an Internet connection, a VPN gateway appliance, such as a router, firewall, or Cisco Adaptive Security Appliance (ASA), and in some installations, a software application. Therefore, expanding a VPN to include new locations and remote users is typically less expensive and requires less configuration than connecting a new site to a leased-line WAN.
There are two general types of VPN: site-to-site and remote access. A site-to-site VPN is used to create a tunnel between two remote VPN gateways. Devices on the networks connected to the gateways do not require additional software to use the VPN; instead, all transmissions are handled by the gateway device, such as an ASA device. Conversely, a remote access VPN is used to connect individual clients through the Internet to a central network. Remote access VPN clients must use either VPN client software or an SSL-based VPN to establish a connection to the VPN gateway.
Reference:
CCDA 200-310 Official Cert Guide, Chapter 6, WAN and Enterprise Edge Overview, p. 218
Cisco: Virtual Private Network (VPN)