Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
660
Views
0
Helpful
2
Replies

Dynamic Multipoint VPN

israa_nema
Level 1
Level 1

‎05-04-2009 01:49 AM

Is ASA device has the ability to provideDynamic Multipoint VPN so that the topology of the network will be like hop and spoke , instead of adding anew site to each device manually .

Labels:
0 Helpful
2 Replies 2

vmoopeung
Level 5
Level 5

‎05-08-2009 10:39 AM

You can able to configure DMVPN in ASA for hub and spoke topology. Dynamic Multipoint VPN (DMVPN) enables better scaling of large and small IPsec VPNs by combining generic routing encapsulation (GRE) tunnels, IP Security (IPsec) encryption, and Next Hop Resolution Protocol (NHRP) routing. In a hub-and-spoke VPN topology, each spoke has a permanent IPsec tunnel to the hub, but not to the other spokes within the topology. Using NHRP, the hub maintains an NHRP database of the public interface addresses of all the spokes (the clients). Each spoke registers its real address with the hub when it boots. When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the VPN address of the destination spoke. After the source spoke learns the peer address of the target spoke, it initiates a dynamic IPsec tunnel to the target spoke.

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.2.2/user/guide/vpchap.html#wp590566

0 Helpful

srue
Level 7
Level 7
In response to vmoopeung

‎05-08-2009 11:39 AM

DMVPN is not supported on ASA's. Although you can pass DMVPN *through* the ASA - which is not the same thing.

0 Helpful
Customers Also Viewed These Support Documents