Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5483
Views
0
Helpful
9
Replies

Benefits of DMVPN

Go to solution
vishal.rane
Level 1
Level 1

‎10-31-2011 12:14 PM - edited ‎03-04-2019 02:06 PM

Hello Guys,

Looking for information on the benefits (Pros / Cons ) of moving from GRE Over IPSEC to DMVPN. In Total we got 30 Remote sites connecting to a single VPN Server in HQ. We plan to have Dual VPN Server terminating on Different ISP to cover failover and redundancy for Internet and VPN Server Hardware.

thanks

Vishal

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎10-31-2011 08:33 PM

Just to add to Joseph post,

DMVPN is a very useful, flexible and scaleable tunneling technology where you can build a dmvpn tunneling cloud from simple hub and spoke topology to a multi tier complex hup and spokes topologies and it can be used with IPSec encryption for security and confidentiality but IPSec is optional but highly recommended

Ok ba k to the usage of this technology bellow are some examples where you can use it

- back up to the private WAN to be used over Internet for example

- if a customer has only Internet and with hub and many spokes and the spokes obtain their ip from the ISP not static then with dmvpn each spoke will register with the hub and the hub the will know about the spoke ip to be used as next hope for routing

-curry multi cast and routing traffic

- if a customer use it as main or back up method and they have VoIP dmvpn the best option here as with VoIP you will need direct RTP traffic between endpoints and this will be done by using the dmvpn spoke to spoke or branch to branch direct traffic

- if a customer have WAN network and they want to secure the ip communicatio. Over the WAN then DMVPN with IPSec encryption can be used and on top of it the routing can be run

Hope this help

if helpful Rate

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-31-2011 04:33 PM

Disclaimer

The    Author of this posting offers the information contained within this    posting without consideration and with the reader's understanding that    there's no implied or expressed suitability or fitness for any  purpose.   Information provided is for informational purposes only and  should not   be construed as rendering professional advice of any kind.  Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In    no event shall Author be liable for any damages whatsoever  (including,   without limitation, damages for loss of use, data or  profit) arising  out  of the use or inability to use the posting's  information even if  Author  has been advised of the possibility of such  damage.

Posting

Three benefits of DMVPN:

  • Zero touch hub(s)
  • Remotes can use dynamic public IPs
  • Remotes can directly communicate with each other
0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎10-31-2011 08:33 PM

Just to add to Joseph post,

DMVPN is a very useful, flexible and scaleable tunneling technology where you can build a dmvpn tunneling cloud from simple hub and spoke topology to a multi tier complex hup and spokes topologies and it can be used with IPSec encryption for security and confidentiality but IPSec is optional but highly recommended

Ok ba k to the usage of this technology bellow are some examples where you can use it

- back up to the private WAN to be used over Internet for example

- if a customer has only Internet and with hub and many spokes and the spokes obtain their ip from the ISP not static then with dmvpn each spoke will register with the hub and the hub the will know about the spoke ip to be used as next hope for routing

-curry multi cast and routing traffic

- if a customer use it as main or back up method and they have VoIP dmvpn the best option here as with VoIP you will need direct RTP traffic between endpoints and this will be done by using the dmvpn spoke to spoke or branch to branch direct traffic

- if a customer have WAN network and they want to secure the ip communicatio. Over the WAN then DMVPN with IPSec encryption can be used and on top of it the routing can be run

Hope this help

if helpful Rate

0 Helpful

Go to solution
vishal.rane
Level 1
Level 1
In response to Marwan ALshawi

‎10-31-2011 10:10 PM

Thanks for replying. In DMVPN can we have some VPN tunnel with IPSEC and some without IPSEC

thanks

Vishal

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to vishal.rane

‎10-31-2011 10:16 PM

with DMVPN you use GRE tunnels of type multipoint

you can use a hub with multi GRN tunnels, IPs where spokes can register to

or you might have dual hubs with DMVP tunnels interface

one with IPsec enabled and the other one without

from the spoke point of view you can have two tunnels each one can register to differnt hub/tunnel interface

in this way you will have one secure and the other one not secure/without IPsec

hope this help

if helpful Rate

0 Helpful

Go to solution
vishal.rane
Level 1
Level 1
In response to Marwan ALshawi

‎10-31-2011 10:24 PM

Thanks for quick response.

In scenario where there is One Hub, can I have DMVPN and regular IPSEC VPN on the same box.

thanks

Vishal

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to vishal.rane

‎10-31-2011 10:46 PM

yes if you have multiple interface to the internet for example with multiple IPs

or you might use some complicated apraochs by using VRFs

you might also try is using policy based routing to send certain traffic over the DMVPN tunnel interface and the other over the normal

please rate the helpful posts

0 Helpful

Go to solution
vishal.rane
Level 1
Level 1
In response to Marwan ALshawi

‎11-01-2011 03:34 AM

Many Many Thanks Marwanshawi

I got another complex scenario for VPN, will post shotly.

thanks

Vishal

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Marwan ALshawi

‎11-01-2011 09:20 AM

Disclaimer

The     Author of this posting offers the information contained within this     posting without consideration and with the reader's understanding  that    there's no implied or expressed suitability or fitness for any   purpose.   Information provided is for informational purposes only and   should not   be construed as rendering professional advice of any kind.   Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In     no event shall Author be liable for any damages whatsoever   (including,   without limitation, damages for loss of use, data or   profit) arising  out  of the use or inability to use the posting's   information even if  Author  has been advised of the possibility of  such  damage.

Posting

- if a customer use it as main or back up method and they have VoIP dmvpn the best option here as with VoIP you will need direct RTP traffic between endpoints and this will be done by using the dmvpn spoke to spoke or branch to branch direct traffic

For something like VoIP, you would need to use DMVPN with great care.  First, if you allow spoke-to-spoke usage, it's difficult to manage bandwidth to guarantee VoIP service requirements.  Second, DMVPN is a bit inefficient building spoke-to-spoke path, which might also impact VoIP.

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to Joseph W. Doherty

‎11-01-2011 11:35 PM

you right Joseph but in a case where you have Internet as backup to the WAN or the only communications is over the Internet then DMVPN is much better than traditional lan2lan IPsec VPN especially where you have hub and spoke or many remote sites

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card