Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
207
Views
0
Helpful
1
Replies

DMVPN for Back-up Only

AJAZ NAWAZ
Level 5
Level 5

‎07-08-2008 05:26 AM - edited ‎03-03-2019 10:38 PM

We have remote site office with private link directly into corporate world. This is the primary circuit.

However, now looking to introduce dmvpn to act as back-up only. Although dmvpn is ipsec, the router still has public ip. As such the corporate would be potentially opened behind this router with no fw.

Which design and features would need to be introduced to protect the business to the same level it would normally?, i.e. dual-skinned fw architecture and vpn dmz's

thanks in advance

Ajaz

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-09-2008 08:51 AM

Hello,

if you put an ACL on the public interface where you accept only the IPSec tunnels and the IKE negotiation you should provide enough security.

At the hub headquarters site you can use a firewall and put the DMVPN hub router in a DMZ as a further security measure.

Using IPsec AH and ESP you should provide antirepudiation, antireplay, avoid man in the middle etc.

For good security you should use a CA authority and use certificates and not a shared password.

In normal conditions you will have only the IGP hellos traveling in ipsec + mgre if the DMVPN is used only for backup.

hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card