cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1451
Views
5
Helpful
2
Replies

DMVPN using VTI on ASA

inlandprinting
Level 1
Level 1

Hey-all

I'm working on re-configuring my topology to simplify it, reduce NAT issues, and utilize the new VTI features introduced in ASA 9.7.1.  i'm currently running 9.8.1 on all of my ASA's which includes 5525's, 5508's.  In addition we have some home users who have permanent VPN's using C800 series Routers.

 

The obvious first question for me is, can DMVPN be done over a VTI interface to an ASA?  Since the home users are on Private DSL or Cable none of them have Static IP addresses.  The current setup therefor has them initiate the VPN connection to the hub ASA which then creates the VPN.  is there a way to do dynamic tunnel interfaces.

 

I may also be wrong on this point, but I believe the VTI interfaces are a 1:1 connection.  so i need a separate VTI interface on the Hub ASA for Each of the 10-15 terminating networks.

 

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Hi,

No, you can't do DMVPN on an ASA, among other things it doesn't support NHRP. I believe an ASA v9.7+ can only do static VTI's.

 

If the remote end are c800 routers, why not setup a router at the main site and then you could setup DMVPN?

 

HTH

View solution in original post

2 Replies 2

Hi,

No, you can't do DMVPN on an ASA, among other things it doesn't support NHRP. I believe an ASA v9.7+ can only do static VTI's.

 

If the remote end are c800 routers, why not setup a router at the main site and then you could setup DMVPN?

 

HTH

Thanks.  that confirms what I've been thinking.  I may hook up the c800's to my border router in the future.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: