Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
651
Views
0
Helpful
2
Replies

DMVPN - Split GRE and Encryption

jsluzewski
Level 1
Level 1

‎03-27-2008 02:10 PM - edited ‎02-21-2020 03:38 PM

I am planning for DMVPN deployment where the hub router is going to be directly connected to the Internet while spokes will reside behind firewalls (PIX 501s). I would like spokes to do just the multipoint GRE and offload encryption to firewalls. The hub router will terminate both mGRE and IPSec. Will it work?

I don't care much for spoke to spoke connectivity.

Labels:
0 Helpful
2 Replies 2

gbudd12345
Level 1
Level 1

‎03-28-2008 08:27 AM

I can't see any reason why this wouldn't work. I havn't done specific DMVPN though PIXs, but I have done just site-specific GRE though PIXs and didn't have a problem with it.

0 Helpful

jsluzewski
Level 1
Level 1
In response to gbudd12345

‎03-28-2008 08:37 AM

In your scenario was PIX encrypting the GRE traffic, or it was just passing traffic that was alread encrypted by the internal router?

0 Helpful
Customers Also Viewed These Support Documents