cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
556
Views
0
Helpful
3
Replies

GETVPN or DMPVN

trevor.teasdale
Level 1
Level 1

Hi

I am researching an easy to manage, full mesh Internet VPN solution across the internet for several sites.

What would be a better solution on the ISR, DMVPN or GETVPN

Thoughts, opinions, comments welcome

cheers

TT

3 Replies 3

ajagadee
Cisco Employee
Cisco Employee

I dont think GETVPN is even an option, since you mentioned IPSEC Across the internet. GETVPN requires private MPLS. So, your option is to go with DMVPN.

Regards,

Arul

Thankyou Arul

Is it possible to explain in two sentences why GETVPN isn't supported across the internet?

Thanks

TT

In GETVPN, the original IP Header is preserved and a copy of the original IP Header is placed in front of the ESP. If you look through the below URL, "Figure 2" compares the encrypted packet in IPSEC and Group Encrypted Transport. In traditional IPSEC, there is a new IP header that is typically, the VPN Servers outside IP Address which is valid routable IP's on the internet. In GET, since the encrypted packets contains a copy of the original IP Header, most of the time the packets are private and not routable on the internet.

GET technology suits MPLS VPN Environment, because your networks are put into a VRF and switched across the Service Provided Network.

Please refer the below URL for details:

http://www.cisco.com/en/US/products/ps6635/products_data_sheet0900aecd80582067.html

Regards,

Arul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: