Point to Point VPN with Dynamic IP vs Hub & Spoke

Chess Norris
Level 4
Level 4

Hello,

When the remote end is using a dynamic IP you have the option in FMC to set the remote end IP address as dynamic, but you can also configure the Site to Site VPN as a "Hub and Spoke". Both types of VPN will use a dynamic crypto ACL, so is there really any difference between the two types of VPNs?

Thanks

/Chess

2 Accepted Solutions

@Chess Norris there is a difference. A P2P VPN is between 2 peers (regardless of whether they are using a dynamic IP on the outside interface), whereas hub and spoke can be used with multiple spokes connected to a hub.


For IOS based devices,
if you talk about hub and spoke DMVPN and P2P IPsec with a dynamic map, then the difference is:

P2P IPsec with a dynamic map is policy-based VPN
DMVPN is route-based VPN

Both are used in the case where the Spoke (in DMVPN) and the dynamic peer (in P2P) initiate the traffic, except that
in DMVPN there is an additional step, which is NHRP registration.
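An added illustration of the IOS distinction drawn in this answer (not from the thread or from Cisco documentation; interface, address, name and key values are placeholders): the hub-side dynamic crypto map beside a DMVPN hub and spoke tunnel pair. The crypto-map side carries no peer and no ACL, so only the dynamic-IP peer can initiate and its own crypto ACL decides what is protected; on the DMVPN side the spoke's NHRP registration comes first and the routing table then decides what enters Tunnel0 and is encrypted.

```cisco
! Shared IKEv1/IPsec settings (placeholder values). A wildcard PSK is shown
! for brevity; certificates or per-peer ISAKMP profiles are the stronger choice.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-PSK address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! --- A. P2P IPsec with a dynamic crypto map (policy-based) ---
! No "set peer" and no "match address": the dynamic-IP peer supplies its
! address and proxy IDs when it initiates, so this side can only respond,
! and the peer's crypto ACL defines exactly which traffic is protected.
crypto dynamic-map DYN 10
 set transform-set TS
crypto map P2P 10 ipsec-isakmp dynamic DYN
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map P2P
!
! --- B. DMVPN hub (route-based) ---
! The mGRE tunnel has no fixed destination; spokes register with NHRP and
! whatever the routing table sends into Tunnel0 is encrypted.
crypto ipsec profile DMVPN
 set transform-set TS
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp authentication EXAMPLE1
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN
!
! --- B. DMVPN spoke with a dynamic public IP ---
! "ip nhrp nhs" plus the static map is the extra NHRP registration step.
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp authentication EXAMPLE1
 ip nhrp map 10.0.0.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 1
 ip nhrp nhs 10.0.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN
```

In variant A the peer's `match address` ACL is the only statement of which traffic is encrypted, so a mismatch on either side shows up as a failed Phase 2 rather than as a missing route; in variant B a spoke that has not registered (check `show dmvpn` and `show ip nhrp`) simply has no reachable next hop.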


4 Replies


The original post states they are using an FMC; DMVPN is not supported on the FTD platform, so it is misleading/confusing to mention in this context.

Chess Norris
Level 4
Level 4

Thanks, I can see now that you can add as many endpoints as you want for the Hub and Spoke, but that's not possible with P2P.

I have a lab network at home with a FTD 1010 and a Palo Alto 460 firewall that connect with VPN to my office FTD 2130. I get a different IP address every time I switch between the FTD and the PA. Since I never use both firewalls connected at the same time, I guess I can use the same P2P tunnel on the office firewall for both my lab firewalls, considering all tunnel settings, ACPs and NAT are the same on both the Palo and the FTD.

/Chess
