
Cisco GET VPN in a scalable VRF Network

Jonas.Kotyra1
Level 1

Hello guys!

My question is a bit of a stretch, but I'm trying anyway. I'm looking for a way to use a VPN as a backup route over the internet for multiple locations of a bigger network. Scalability is a must-have, because at this point it's not fully decided how many locations there are going to be and we want the option to potentially develop more locations, so I thought that Cisco GET VPN would be the go-to option, but was stumped very quickly. The network is definitely using multi-VRFs on the routers and thus should be able to transmit those over the VPN. Now the problem I found was that I would need to create subinterfaces on the interface which is connected via VPN, which I don't think is possible.


I'm a bit of a newbie to networking as a whole and would appreciate any help I can get!

5 Replies

Philip D'Ath
VIP Alumni

GET VPN is no good over the Internet.

Is this an MPLS network?  If so, consider using MPLS over DMVPN.

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/ngwane/ngwanempls.pdf

It's definitely not an MPLS network. DMVPN would've been my second approach, but GET VPN sounded very promising from the introduction (any-to-any connectivity and scalability) and I would've been very excited if there was a small chance to get it to work. Oh well, but thanks anyway for the quick and spot-on answer. :)

Follow-up question: Considering that Cisco GET VPN is in this case the state-of-the-art option, would it be at all possible to use it in a non-MPLS Network with mVRF and if not why?

GET VPN basically requires a network with no NAT.

So you can use GET VPN on private networks, like MPLS, VPLS, normal WAN links, etc. But because when you connect a private network to the Internet you use NAT, GET VPN doesn't work.

GET VPN can be great for a service provider, for their internal networks.

Philip D'Ath
VIP Alumni

If you are not using MPLS, and have a "reasonable" number of VRFs, you can still use DMVPN - you just use a DMVPN tunnel per VRF.

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/ngwane/ngwanedmvpn.pdf
