01-08-2008 10:17 PM - edited 03-09-2019 07:48 PM
Hi
I am researching an easy to manage, full mesh Internet VPN solution across the internet for several sites.
What would be a better solution on the ISR, DMVPN or GETVPN
Thoughts, opinions, comments welcome
cheers
TT
01-09-2008 09:27 AM
I dont think GETVPN is even an option, since you mentioned IPSEC Across the internet. GETVPN requires private MPLS. So, your option is to go with DMVPN.
Regards,
Arul
01-09-2008 04:07 PM
Thankyou Arul
Is it possible to explain in two sentences why GETVPN isn't supported across the internet?
Thanks
TT
01-09-2008 06:13 PM
In GETVPN, the original IP Header is preserved and a copy of the original IP Header is placed in front of the ESP. If you look through the below URL, "Figure 2" compares the encrypted packet in IPSEC and Group Encrypted Transport. In traditional IPSEC, there is a new IP header that is typically, the VPN Servers outside IP Address which is valid routable IP's on the internet. In GET, since the encrypted packets contains a copy of the original IP Header, most of the time the packets are private and not routable on the internet.
GET technology suits MPLS VPN Environment, because your networks are put into a VRF and switched across the Service Provided Network.
Please refer the below URL for details:
http://www.cisco.com/en/US/products/ps6635/products_data_sheet0900aecd80582067.html
Regards,
Arul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: