Hi Francesco Molino,

Thanks for your Help :

1. I have one interface for each site .
2. I have two tunnel per each site (1 for DMVPN ,1 for IPSec )and now i have about 8 sites and later will be around over 100 .So i want to calculate minimal RAM requirement for this.I didn't know minimal RAM requirement for BGP.So i want to know?
3. I also confuse this question myself,I really don't know how to integrate my network and ISP Mega port for DMVPN
   So my question is stupid because i ask generally.
4. Noted with thanks
5. I want to know other question,I want to use 802.1x with certificate .Can i use the same Cert for 802.1x that used for VPN ? I mean can i use 1 certificate for both .1x and VPN per site? i will use MS CA server.

Thank a lot,

I have two DC they have different services and different servers.One DC support DMVPN and Old DC doesn't support DMVPN they are not using Cisco devices. we will use DMVPN for some service and L2L for other services.So i want to run two type of VPN in each branch sites.Just i want to know it is possible or not ?

For DMVPN ,which protocol is most prefer ? iBGP or eBGP? if i  consider to use eBGP ,let me know any concern or challenge ?

Hi Francesco Molino,

Thank for your help.I have one more question,if i use two wan link in one router for HUB(now i have only one router ,later i will add one router) .I need to use vrf for DMVPN to get redundancy ? Do we have other way for fail-over wan without using VRF?

No it's not mandatory to have vrf. You can have all in the same vrf or global routing and make one primary by playing with routing protocol or by configuring nhrp cluster on spoke side.

Hi Francesco Molino,

I just want to know the best practice way for this.if i use IP SLA for wan link fail over,it is best pracitise ? Or create 2 DMVPN tunnles on the hub and configuring nhrp cluster on spoke side ?

Because i use second want link is using as a backup link only.i don't want to run vrf because if i will get another router for that backup wan link, i need to sparate those two link.if i use vrf i need to change configuration,right? So let me know which is the best paractise for WAN fail over for DMVPN ,please?

Hi Francesco Molino,

Thanks.If you help with config it is very useful for me.It make me headache every day now :P

.We have two option but i don't know jet with service should we use.ISP told their service is Layer 3 MPLS.Please see the design diagram.Let me know any concern for design ? Our CA server is in DC2 we will use this certificate server for both IPSec and DMVPN. i want to run BGP for DMVPN.I think IPSec also can carry BGP,right? we can use IPSec with BGP ?

Hi Francesco Molino,

I have not much experience in DMVPN with bgp.I have experience in DMVPN with eigrp.

But i can't not find any sample for DMVPN with bgp in internet.if you know the links or sample lab. let me know ,please ? 

Hi,

I alittle confuse in our CE and ISP PE router.ISP provide MPLS L3 service.ISP want me to run BGP between our CE routers and their PE routers.So can i use private AS for each sites ,How is it ?