VPN - default gateway for site to site VPN

VPN - default gateway of VPN client


In the context of [VPN](/vpn)s, "interesting traffic" refers to the data packets that meet specific criteria set in the VPN configuration and therefore should be sent through the VPN tunnel for encryption and secure transmission. This concept is crucial in the setup and operation of VPNs, particularly in scenarios involving site-to-site VPNs or remote access VPNs.

Here are key points to understand "interesting traffic":

1. **Criteria-Based Selection**: Interesting traffic is defined based on criteria such as [IP](/ipv4) addresses, protocols, and [port numbers](/transport-layer-port-number). This is typically configured in the VPN's security policies or [access control lists (ACLs)](/acl).

2. **Traffic Filtering**: Only the traffic that matches these criteria is considered interesting and is [routed](/routing) through the VPN tunnel. Other traffic might be routed normally through the standard network paths.

3. **Purpose**: The purpose of defining interesting traffic is to ensure that only sensitive or relevant data is encrypted and sent through the secure VPN tunnel, optimizing performance and security.

4. **Example Scenario**: In a site-to-site VPN, interesting traffic might include all data packets between the internal networks of two offices. For instance, traffic from the IP range 192.168.1.0/24 to 192.168.2.0/24 might be deemed interesting, while traffic to public websites would not be.  Another term for this is [split tunneling](/vpn-split-tunneling)

5. **Configuration Example**: In a VPN configuration file or settings, you might see something like:
   ```
   access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
   crypto map VPN-MAP 10 ipsec-isakmp
   match address 100
   set peer 198.51.100.1
   set transform-set TRANSFORM-SET
   ```
   In this example, the access list (ACL) defines the interesting traffic that will trigger the VPN tunnel.

By carefully defining interesting traffic, VPN administrators can ensure that the VPN is used efficiently and only for the intended purposes, thereby enhancing security and performance.

Links:

https://forum.networklessons.com/t/vpn-tunnel-due-to-nat-issue/48395/2?u=lagapidis

VPN - Interesting Traffic

TCP MSS and window size

TCP RST flag

TCP SYN timeout

TCP header options

TCP phantom byte

TCP-IP model

TFTP

Tcl Shell

Telnet

Time to live

Traceroute - Interpreting output

Traceroute asterisk and !H responses

Traceroute

Transparent Cisco IOS Firewall use cases

Transport Layer port number

Troubleshooting - using Telnet to test transport layer ports

Troubleshooting a slow network

Troubleshooting high CPU and memory usage on a switch

UDP - Header

UDP - Maximum Datagram Size

Unicast Reverse Path Forwarding (uRPF)

Unicast traffic

Unknown unicast traffic

Upgrade your R&S skills to modern networking

VACL - Changes to ACL are active immediately

VACL - use cases

VACL vs ACL

VLAN - Extended Range

VLAN - Native VLAN best practices

VLAN - Native VLAN on a router on a stick

VLAN - Private VLAN

VLAN - QinQ troubleshooting

VLAN - Trunk interfaces don't appear in `show vlan` output

VLAN - VLAN IDs 0 and 4095

VLAN Access Lists

VLAN Mapping

VLAN SVI status

VLAN Tag

VLAN control frames

VLAN

VLANs - 802.1Q tunneling (QinQ)

VLANs - Dynamic VLAN membership (VMPS)

VLANs - QinQ and CDP

VLANs - Vlans allowed and active in management domain

VLANs - when a tagged frame arrives on an access port

VLANs SVI

VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0

VPN - NAT Exemption

VPN - crypto keepalive

VPN - split tunneling

VPN DVTI tunnel source

VRF - Definition mode

VRF - VPNv4 address

VRF capability vrf-lite command

VRF lite route leaking

VRF sharing across multiple routers

VRF use cases

VRRP - Virtual IP doesn't respond to pings

VRRP - load balancing

VRRP - support for authentication

VRRP - using the same ID on different interfaces

VRRP - using the same ID on subinterfaces

VRRP on sub-interfaces

VTP - Client can't modify VLANs

VTP - Code Field

VTP - Multiple Servers with VTP version 2

VTP - Per interface configuration

VTP - Pruning the Extended VLAN ID Range

VTP - Revision Numbers on transparent switch

VTP - Versions

VTP - domain name automatically changes

VTP - employing in an emulator

VTP - protecting switches from lower revision numbers

VTP Advertisements

VTP configuration checklist

VTP filtering shared VLANs

VTP how to disable the VLAN trunking protocol

VTP operation over trunks

VTP primary server

VTP revision number maximum

VTP revision number reset

VTP revision number

VXLAN - Control Plane Options

VXLAN - MP-BGP EVPN and Multicast

VXLAN - Use Cases

VXLAN - VLAN to VNI mapping

VXLAN - using an MP-BGP EVPN control plane

VXLAN access trunk port

VXLAN

Value of Cisco certifications

Very-high-bit-rate  Digital Subscriber Line (VDSL)

Virtual Private LAN Service (VPLS)

VPN - Interesting Traffic

Links to this page: