Dynamic Multipoint VPN

israa_nema
Level 1

Does the ASA device have the ability to provide Dynamic Multipoint VPN, so that the topology of the network will be like hub and spoke, instead of adding a new site to each device manually?

2 Replies

vmoopeung
Level 5

You can configure DMVPN in ASA for hub and spoke topology. Dynamic Multipoint VPN (DMVPN) enables better scaling of large and small IPsec VPNs by combining generic routing encapsulation (GRE) tunnels, IP Security (IPsec) encryption, and Next Hop Resolution Protocol (NHRP) routing. In a hub-and-spoke VPN topology, each spoke has a permanent IPsec tunnel to the hub, but not to the other spokes within the topology. Using NHRP, the hub maintains an NHRP database of the public interface addresses of all the spokes (the clients). Each spoke registers its real address with the hub when it boots. When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the VPN address of the destination spoke. After the source spoke learns the peer address of the target spoke, it initiates a dynamic IPsec tunnel to the target spoke.

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.2.2/user/guide/vpchap.html#wp590566

DMVPN is not supported on ASAs. Although you can pass DMVPN *through* the ASA - which is not the same thing.