Hi Shadi`,

Thanks for your response.

I need some time to go thru the GET VPN concept.

By the way, do you think DMVPN scales well for these many spoke sites (150-200)? Do you recommend DMVPN?

Thank you.

B.Rgds,

Lim TS

Hi Lim,

I think DMVPN will scale well for this number of spokes, but you will need to take care selecting the HUB platform to be will capable of handling that number :)

regards,

Shadi`

Hi Shadi`,

I'm configuring IPSec transport mode for DMVPN as follows:

!

crypto ipsec transform-set tset1 esp-des esp-sha-hmac

mode transport

!

crypto ipsec profile dmvpnprof

set transform-set tset1

!

Which mode is more recommended for DMVPN? I understand that transport mode is required to support NAT-Transparency Aware DMVPN enhancement. But DMVPN Design Guide recommends tunnel mode.

Please advise.

Thank you.

B.Rgds,

Lim TS

I am using DMVPN (tunnel mode GRE multipoint) with 120 or so tunnels on a DS3 (remote site T1's). Termination point is a 3825 running at an average of 15% CPU.

I've had it up just over a year now and couldn't be happier. I can deploy a new site without ever touching my main hub router and the network itself has never dropped. The best part is, I was able to move data centers on the fly by just adding a second tunnel to each remote site, then removing the original.