As all of my sites are connected via DMVPN with HUB but now i need to move one site from DMVPN to IPSEC due to technology enhancement, So I need to know as my HUB router has single interface and one public IP address where DMVPN is working. Can I create IPSEC on same interface and public IP of my HUB router where DMVPN is working?
As i don't have any IPsec profile called on my dmvpn tunnel interface. So if I simply create ipsec profile/crypto map for my new site and call it on router same interface so according to your provided answer it will not make any problem right?
For Other Sites
interface Tunnel0 !--- No crypto map or IPsec profile called on this DMVPN Tunnel interface tunnel source FastEthernet 0/0
For Site where DMVPN will be removed and only Ipsec will be used between cisco and some other brand firewall
crypto map dynmap !----- IPsec profile called on physical interface
I do Lab and test dynamic and DMVPN without IPSec it work good, BUT dmvpn without IPSec is risky. also do lab from your side and check. note:- 1-dynamic-map ipsec make only spoke initiate traffic toward spoke. 2- set peer for ipsec in spoke is config with public ip of Hub.