DMVPN - Split GRE and Encryption

Unanswered Question
Mar 27th, 2008

I am planning for DMVPN deployment where the hub router is going to be directly connected to the Internet while spokes will reside behind firewalls (PIX 501s). I would like spokes to do just the multipoint GRE and offload encryption to firewalls. The hub router will terminate both mGRE and IPSec. Will it work?

I don't care much for spoke to spoke connectivity.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gbudd12345 Fri, 03/28/2008 - 08:27

I can't see any reason why this wouldn't work. I havn't done specific DMVPN though PIXs, but I have done just site-specific GRE though PIXs and didn't have a problem with it.

jsluzewski Fri, 03/28/2008 - 08:37

In your scenario was PIX encrypting the GRE traffic, or it was just passing traffic that was alread encrypted by the internal router?


This Discussion