Device Level VPN Types and Supported Configurations Overview
You can create four types of device-level VPNs. Table 1 describes the types of device-level VPNs:
Table 1: Device-Level VPN Types
Device-Level VPN Types
AutoKey IKE VPN
Connect devices and/or protected resources. An AutoKey IKE VPN supports mixed-mode, policy-based, and routing-based VPNs, but does not support RAS users. For details on each step, see Device Level AutoKey IKE VPN: Using Gateway Configuration Overview.
Manual Key IKE VPNs
Authenticate devices, protected resources, and RAS users in the VPN with manual keys. For details on each step, see Device-Level Manual Key VPN: Using XAuth Users Overview.
L2TP RAS VPN
Connect L2TP RAS users and protected resources with authentication but without encryption. For details on each step, see Device Level Manual Key VPN: Using VPN Rule Configuration Overview.
L2TP-over-AutoKey IKE RAS VPN
Connect L2TP RAS users and protected resources. An L2TP-over-AutoKey IKE RAS VPN supports policy-based VPNs and L2TP RAS users, but does not support routing-based VPNs. For details on each step, see Creating Device Level L2TP-over-Autokey IKE VPNs Overview.
Creating device-level AutoKey IKE VPNs is a four stage process:
IKE VPNs support tunnel mode, and can be policy-based or route-based; however, route-based VPNs do not support RAS users.
L2TP VPNs support transport mode and can be policy-based.