How does DVPN work?

Unanswered Question
Jun 21st, 2008


If I configure the HO router as a DVPN, are all branches connected to HO also auto-configured for VPN? Does it work like DHCP?

Marwan ALshawi Sun, 06/22/2008 - 19:48

DMVPN combines GRE tunnels with IPsec protection; actually it's called mGRE, meaning multipoint GRE. This kind of VPN is considered very scalable because you need to make only one tunnel interface at the HUB side and also one tunnel interface at the spoke side; then all other tunnels will be automatic, and the communication between spokes will be, for the first packet, spoke > HUB > spoke, then all the subsequent packets will be SPOKE > SPOKE directly.

In addition, you don't need a static public IP address for each device; only one IP is required for the HUB router.

Easy, manageable and very scalable.

rate if useful

thank you

Farrukh Haroon Sun, 06/22/2008 - 22:36


DMVPN is the combination of multiple technologies (IPSEC, MGRE, dynamic IGP routing and NHRP).

IPSEC = provides regular encryption/authentication/integrity etc.

MGRE = The 'GRE' allows multicast/non-IP protocols to go over IPSEC VPN, otherwise it's not possible. MGRE allows you to use 'one' tunnel interface to connect multiple VPN peers thereby increasing management and scalability. It differentiates different flows by the help of a tunnel key.

NHRP = Allows the HUB to learn the addresses of the spoke automatically easing management. It also allows the spokes to learn the current Public/Dynamic IPs of other spokes to form direct 'spoke-2-spoke' tunnels to increase scalability.

IGP Routing: Allows the VPN sites to learn about the VPN subnets of each site.

New spoke/branch sites need no change at hub site. Only at the spokes (so it is not pure 'auto configure' as you describe).

Please rate helpful posts.
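A minimal hub and spoke pair showing where each component from the replies above (IPsec, mGRE, NHRP, IGP) appears in IOS configuration. This is an added example, not part of any post in the thread; the addresses, interface names, profile names, EIGRP AS 100 and the placeholder keys are all assumptions.

```cisco
! --- Crypto block, identical on hub and every spoke (constructed names) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Spokes have dynamic public IPs, so this PSK cannot be bound to a peer address.
! One key is therefore shared by all sites; per-device certificates avoid that.
crypto isakmp key PLACEHOLDER-PSK address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! --- HUB: one mGRE interface serves all spokes; nothing is added per spoke ---
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp authentication NHRPKEY
 ! NHRP: learn spoke public addresses as they register
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ! IGP (EIGRP assumed): re-advertise spoke routes with the spoke as next hop
 no ip split-horizon eigrp 100
 no ip next-hop-self eigrp 100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN-PROF
!
! --- SPOKE: only the hub's static public IP (192.0.2.1, constructed) is known ---
interface Tunnel0
 ip address 10.0.0.11 255.255.255.0
 ip nhrp authentication NHRPKEY
 ! NHRP: static mapping of hub tunnel IP to hub public IP, then register with it
 ip nhrp map 10.0.0.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ip nhrp nhs 10.0.0.1
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN-PROF
```

After a spoke comes up, `show ip nhrp` on the hub lists its registration, and `show crypto ipsec sa` on either side confirms the GRE traffic is actually being encrypted.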



depadua_chris Mon, 06/23/2008 - 11:39

Is it possible to have a Hub-Spoke setup using DMVPN where some of the spokes act as hubs for other spokes?

I'm trying to create a three level network where the center of it all is the corporate office. The corporate office is the Hub for the main branch offices, and the remote branch offices are spokes of the main branch offices.

Thank you for any help that you might be able to provide.

Marwan ALshawi Mon, 06/23/2008 - 16:32

It is possible, which is called by Cisco DMVPN phase 3 (and recommended); in your case it is the hierarchical one (multi-hub). You have to make the HQ office the server and hub for the branches, then the branch offices will be the hubs for the remote offices.

good luck

rate if useful

depadua_chris Tue, 06/24/2008 - 03:43

I've got HQ set up as a server and hub for the branches. To set up the branches as both a server and hub for the remotes, do I simply use a second Tunnel Interface? And if that's the case, I'm guessing that I would need to use a separate network-id & tunnel key, but is there anything else that needs to distinguish the second mGRE as separate?

Thank you for your previous reply. I've rated accordingly. If you're able to help me again, I'd be happy to accommodate.

