GETVPN or DMPVN

Unanswered Question
Jan 8th, 2008

Hi

I am researching an easy to manage, full mesh Internet VPN solution across the internet for several sites.

What would be a better solution on the ISR, DMVPN or GETVPN

Thoughts, opinions, comments welcome

cheers

TT

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Wed, 01/09/2008 - 09:27

I dont think GETVPN is even an option, since you mentioned IPSEC Across the internet. GETVPN requires private MPLS. So, your option is to go with DMVPN.

Regards,

Arul

trevor.teasdale... Wed, 01/09/2008 - 16:07

Thankyou Arul

Is it possible to explain in two sentences why GETVPN isn't supported across the internet?

Thanks

TT

ajagadee Wed, 01/09/2008 - 18:13

In GETVPN, the original IP Header is preserved and a copy of the original IP Header is placed in front of the ESP. If you look through the below URL, "Figure 2" compares the encrypted packet in IPSEC and Group Encrypted Transport. In traditional IPSEC, there is a new IP header that is typically, the VPN Servers outside IP Address which is valid routable IP's on the internet. In GET, since the encrypted packets contains a copy of the original IP Header, most of the time the packets are private and not routable on the internet.

GET technology suits MPLS VPN Environment, because your networks are put into a VRF and switched across the Service Provided Network.

Please refer the below URL for details:

http://www.cisco.com/en/US/products/ps6635/products_data_sheet0900aecd80582067.html

Regards,

Arul

Actions

This Discussion