ADVPN vs a Full-Mesh

abdul.qadir5001 · ‎04-22-2024

What are the advantages of using ADVPN vs a full-mesh? Please need support. Thanks

balaji.bandi · ‎04-22-2024

High level Cisco do not have ADVPN (this is from Fortinet as i remember correctly)

cisco uses DMVPN / GETvPN - so on that you get more information on the Google

its all depends on the requirement and design one over other, each one have pros and cons (you can find many differences over internet and use cases)

Cisco have overcome some of the issue with SD-WAN so that is buzz word in the market.(buy buying viptela and re-bradded as sd-wan)

below link help you if you have not come across :

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/cisco-sd-wan-overlay-network-bringup.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

scarriveau · ‎03-22-2025

Hi Balaji,

"ADVPN (this is from Fortinet as i remember correctly)" In regards to this statement, there appears to be a common misconception that ADVPN is from Fortinet when in fact the vendor(s) who are primarily responsible for the development of the ADVPN technology is Juniper and Checkpoint according to the RFC and IETF documentation.

https://datatracker.ietf.org/doc/html/rfc7018

https://datatracker.ietf.org/doc/html/draft-sathyanarayan-ipsecme-advpn-03

Fortinet does have an ADVPN offering and it is supported as part of the SD-WAN solution.

To: Abdul

The primary benefit that ADVPN offers over a full-mesh VPN is that ADVPN is going to scale better many times over because the primary design is a hub-spoke type of topology that can create tunnels dyamically between spokes. Having a dual-hub-spoke topology, you would effectively have all of the benefits of a full mesh with a much simpler VPN design.