Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1775
Views
5
Helpful
5
Replies

somewhat like DMVPN but without IPSec tunnel protection just mGRE

Go to solution
iskoy.istem
Level 1
Level 1

‎07-30-2011 10:36 AM - edited ‎03-04-2019 01:08 PM

Hi,

I haven't simulated this yet on lab environment but I may be implementing this set-up. The set-up is somewhat like the idea of DMVPN but without IPSec tunnel protection. The scalability feature of DMVPN through NHRP is what I am utilizing for this planned set-up. Is this doable? I'll just have single tunnel at the Hub and scalably add spokes through time without changing configurations at the Hub Router? Can it be done without the security license or security IOS on the router?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-30-2011 10:50 AM

Hello Joseph,

The DMVPN work flawlessly also without IPsec! You simply do not configure anything about crypto profiles or maps or whatever. Simply create the mGRE tunnels and configure the NHRP to do its work, then run an appropriate routing protocol over it. The IPsec protection is an optional add-on over the DMVPN, and if you know you do not need it, you do not need to configure it.

As a matter of fact, when I was teaching my ISCW courses, I always first introduced the DMVPNs without IPsec, and only after we went through the chapter about IPsec, we added the IPsec protection to DMVPNs.

Best regards,

Peter

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-30-2011 10:50 AM

Hello Joseph,

The DMVPN work flawlessly also without IPsec! You simply do not configure anything about crypto profiles or maps or whatever. Simply create the mGRE tunnels and configure the NHRP to do its work, then run an appropriate routing protocol over it. The IPsec protection is an optional add-on over the DMVPN, and if you know you do not need it, you do not need to configure it.

As a matter of fact, when I was teaching my ISCW courses, I always first introduced the DMVPNs without IPsec, and only after we went through the chapter about IPsec, we added the IPsec protection to DMVPNs.

Best regards,

Peter

0 Helpful

Go to solution
iskoy.istem
Level 1
Level 1
In response to Peter Paluch

‎07-30-2011 11:27 AM

Thanks peter for the prompt response to this query. So I can do it without security IOS or sec license on my router? Just simply creating the tunnel at Hub and applying NHRP mapping and it would work like I have a DMVPN infrastructure? I will simulate this on the lab. Thanks!

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to iskoy.istem

‎07-30-2011 11:42 AM

As Peter said, DMPVN / mGrRE works perfectly without encryption.

Go to solution
iskoy.istem
Level 1
Level 1
In response to paolo bevilacqua

‎07-30-2011 11:48 AM

Ok Paolo, now its been clear. I have just confirmed it too on the lab. Thanks guys!

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to iskoy.istem

‎07-30-2011 02:46 PM

I wanted to add, to specifically answer your question, that with nhrp and ospf, adding a branch without touching the hub, is perfectly possible.

Thanks for the nice rating and good luck !

0 Helpful
Customers Also Viewed These Support Documents