GETVPN or DMPVN

Unanswered Question
Jan 8th, 2008
User Badges:

Hi


I am researching an easy to manage, full mesh Internet VPN solution across the internet for several sites.


What would be a better solution on the ISR, DMVPN or GETVPN


Thoughts, opinions, comments welcome


cheers


TT


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Wed, 01/09/2008 - 09:27
User Badges:
  • Cisco Employee,

I dont think GETVPN is even an option, since you mentioned IPSEC Across the internet. GETVPN requires private MPLS. So, your option is to go with DMVPN.


Regards,

Arul


trevor.teasdale... Wed, 01/09/2008 - 16:07
User Badges:

Thankyou Arul


Is it possible to explain in two sentences why GETVPN isn't supported across the internet?


Thanks


TT


ajagadee Wed, 01/09/2008 - 18:13
User Badges:
  • Cisco Employee,

In GETVPN, the original IP Header is preserved and a copy of the original IP Header is placed in front of the ESP. If you look through the below URL, "Figure 2" compares the encrypted packet in IPSEC and Group Encrypted Transport. In traditional IPSEC, there is a new IP header that is typically, the VPN Servers outside IP Address which is valid routable IP's on the internet. In GET, since the encrypted packets contains a copy of the original IP Header, most of the time the packets are private and not routable on the internet.


GET technology suits MPLS VPN Environment, because your networks are put into a VRF and switched across the Service Provided Network.


Please refer the below URL for details:


http://www.cisco.com/en/US/products/ps6635/products_data_sheet0900aecd80582067.html


Regards,

Arul



Actions

This Discussion