Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6727
Views
5
Helpful
6
Replies

Cisco DMVPN vs Palo Alto LSVPN (Large Scale VPN) for Inetnet WAN

Go to solution
dtran
Level 6
Level 6

‎02-18-2016 09:37 AM - edited ‎03-05-2019 03:22 AM

Hi all,

I am looking into best options for an internet WAN solution leveraging either Cisco DMVPN or Palo Alto LSVPN (large scale VPN) to connect my remote sites. I've got a Cisco network infrastructure with two data centers and 25 remote locations, currently all routing via EIGRP. My Palo Alto environment is currently being used as my parameter firewall and remote VPN access.

Currently each remote site is connected via MPLS and my goal is to bring up a second WAN link using the internet as the WAN transport backbone and ideally I would like to load balance traffic across both links. I'll be using Cisco DMVPN or Palo Alto LSVPN for the second WAN link and I am looking into the Pros and Cons between the two.

Has anyone deployed Palo Alto LSVPN ?

I appreciate any inputs / suggestions !! Thanks all in advance !!

Danny

Labels:
0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎02-18-2016 10:52 AM

Never even heard of Palo Alto LSVPN.  Never seen it deployed either.  Perhaps that's a sign of how many people are using it.

All I can say is Cisco DMVPN (now iWAN in marketing speak) is rock solid reliable, widely deployed, very flexible, and works really really well.

View solution in original post

0 Helpful

Go to solution
dtran
Level 6
Level 6
In response to Philip D'Ath

‎02-18-2016 01:17 PM

Thanks Philip !! I appreciate the response !!

I know DMVPN has been around for a long time and I agree with everything you said.

Do you know if DMVPN supports full mesh ? or just Hub and spoke ?

You have any docs or configuration sample on DMVPN you can share ?

Danny

View solution in original post

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to dtran

‎02-18-2016 03:01 PM

DMVPN supports both full mesh and hub and spoke.

This is the link the the validated design guide.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2014/CVD-VPNWANDesignGuide-AUG14.pdf

If you have kit all running IOS 15.4 or better, use the newer iWAN deployment guide instead.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Jan2015/CVD-IWANDesignGuide-JAN15.pdf

View solution in original post

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to dtran

‎02-18-2016 03:56 PM

That information is in the validated design guides I posted above.

View solution in original post

6 Replies 6

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎02-18-2016 10:52 AM

Never even heard of Palo Alto LSVPN.  Never seen it deployed either.  Perhaps that's a sign of how many people are using it.

All I can say is Cisco DMVPN (now iWAN in marketing speak) is rock solid reliable, widely deployed, very flexible, and works really really well.

0 Helpful

Go to solution
dtran
Level 6
Level 6
In response to Philip D'Ath

‎02-18-2016 01:17 PM

Thanks Philip !! I appreciate the response !!

I know DMVPN has been around for a long time and I agree with everything you said.

Do you know if DMVPN supports full mesh ? or just Hub and spoke ?

You have any docs or configuration sample on DMVPN you can share ?

Danny

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to dtran

‎02-18-2016 03:01 PM

DMVPN supports both full mesh and hub and spoke.

This is the link the the validated design guide.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2014/CVD-VPNWANDesignGuide-AUG14.pdf

If you have kit all running IOS 15.4 or better, use the newer iWAN deployment guide instead.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Jan2015/CVD-IWANDesignGuide-JAN15.pdf

0 Helpful

Go to solution
dtran
Level 6
Level 6
In response to Philip D'Ath

‎02-18-2016 03:54 PM

Thanks Philip !!

Do you have a high level diagram that shows an overview of the design layout ? I am trying to see what are all the hardware involved and how they are all inter-connect.

Danny

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to dtran

‎02-18-2016 03:56 PM

That information is in the validated design guides I posted above.

Go to solution
dtran
Level 6
Level 6
In response to Philip D'Ath

‎02-18-2016 03:59 PM

Cool, thanks Philip !!

Danny

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card