04-10-2016 11:21 PM - edited 03-05-2019 03:46 AM
Hello guys!
My question is a bit of a stretch, but I'm trying anyway. I'm looking for a way to use a VPN as a backup route over the internet for multiple locations of a bigger network. As scalability is a must-have because at this point it's not fully decided how many locations there are going to be and we want the option to potentially develop more locations, I thought that Cisco GET VPN would be the go-to option, but was stumped very quickly. The network is definitely using multi-VRFs on the routers and thus should be able to transmit those over the VPN. Now the problem I found was that I would need to create subinterfaces on the interface which is connected via VPN, which I don't think is possible.
I'm a bit of a newbie to networking as a whole and would appreciate any help I can get!
04-10-2016 11:56 PM
GET VPN is no good over the Internet.
Is this an MPLS network? If so, consider using MPLS over DMVPN.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/ngwane/ngwanempls.pdf
04-11-2016 12:47 AM
It's definitely not an MPLS network. DMVPN would've been my second approach, but GET VPN sounded very promising from the introduction (any-to-any connectivity and scalability) and I would've been very excited if there was a small chance to get it to work. Oh well, but thanks anyway for the quick and spot-on answer. :)
04-11-2016 01:06 AM
Follow-up question: Considering that Cisco GET VPN is in this case the state-of-the-art option, would it be at all possible to use it in a non-MPLS Network with mVRF and if not why?
04-11-2016 09:03 AM
GET VPN basically requires a network with no NAT.
So you can use GET VPN on private networks, like MPLS, VPLS, normal WAN links, etc. But because when you connect a private network to the Internet you use NAT - GET VPN doesn't work.
GET VPN can be great for a service provider, for their internal networks.
04-10-2016 11:58 PM
If you are not using MPLS, and have a "reasonable" number of VRFs, you can still use DMVPN - you just use a DMVPN tunnel per VRF.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/ngwane/ngwanedmvpn.pdf
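A spoke-side sketch of the "DMVPN tunnel per VRF" approach from the reply above, as an added example that is not part of the original thread or the linked Cisco guide. The VRF names, addresses, interface names and key placeholder are assumptions, and the LAN-side interfaces for each VRF are assumed to exist already.

```cisco
! Added example, constructed values: VRF names, addresses, interface names and
! the PSK placeholder are assumptions. Hub public address is 203.0.113.1.
vrf definition RED
 rd 65000:10
 address-family ipv4
!
vrf definition BLUE
 rd 65000:20
 address-family ipv4
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PSK-PLACEHOLDER> address 203.0.113.1
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! One mGRE tunnel per VRF. Both tunnels share one Internet-facing source, so
! each needs a unique tunnel key and the "shared" keyword on tunnel protection.
interface Tunnel10
 vrf forwarding RED
 ip address 10.255.10.2 255.255.255.0
 ip nhrp map 10.255.10.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 10
 ip nhrp nhs 10.255.10.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile DMVPN-PROF shared
!
interface Tunnel20
 vrf forwarding BLUE
 ip address 10.255.20.2 255.255.255.0
 ip nhrp map 10.255.20.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 20
 ip nhrp nhs 10.255.20.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 20
 tunnel protection ipsec profile DMVPN-PROF shared
!
! Per-VRF routing toward the hub (static here; a routing protocol per VRF also works).
ip route vrf RED 10.10.0.0 255.255.0.0 10.255.10.1
ip route vrf BLUE 10.20.0.0 255.255.0.0 10.255.20.1
```

Each additional VRF adds one tunnel interface, one NHRP network and one routing instance on every router, which is why this only fits a "reasonable" number of VRFs.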