cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2679
Views
10
Helpful
8
Replies

How DVPN work ?

biplobkhan
Level 1
Level 1

Hi

If I configure HO router as a DVPN then all branches connected HO is also auto configure VPN ?. its work like DHCP

8 Replies 8

The HUB (HO) router has static(known) ip, while the spokes(branch) router may have dynamic(unknown) IP.

http://www.cisco.com/en/US/products/ps6658/index.html

Marwan ALshawi
VIP Alumni
VIP Alumni

DMVPN combine gre tunnels with IPSEC protiction actully its called mGRE mean multipoint gre, this kind of vpn considred very scaleable because u need to make only one tunnel interface at the HUB side and also one tunnle interface at the spoke side then all other tunnles will be automatic and the communications between spokes will be for first packet spoke > HUB > spoke then all the subsequent packets will be SPOKE > SPOKE directly

in addition u dont need a static public IP address for each device only one IP requered for the HUB router

easy,manageable and very scaleable

rate if useful

thank you

Hi

Thanks to clear me.

Biplob

Farrukh Haroon
VIP Alumni
VIP Alumni

Hello

DMVPM is the combination of multiple technologies (IPSEC,MGRE, Dynaminc IGP routing and NHRP).

IPSEC = provides regular encryption/authenticaiton/integrity etc.

MGRE = The 'GRE' allows multicast/non-IP protocols to go over IPSEC VPN, otherwise its not possible. MGRE allows you to use 'one' tunnel interface to connect multiple VPN peers thereby increasing management and scalability. It differentiates different flows by the help of a tunnel key.

NHRP = Allows the HUB to learn the addresses of the spoke automatically easing management. It also allows the spokes to learn the current Public/Dynamic IPs of other spokes to form direct 'spoke-2-spoke' tunnels to increase scalability.

IGP Routing: Allows the VPN sites to learn about the VPN subnets of each site.

New spoke/branch sites need no change at hub site. Only at the spokes (so it is not pure 'auto configure' as you describe).

Please rate helpful posts.

Regards

Farrukh

Is it possible to have a Hub-Spoke setup using DMVPN where some of the spokes act as hubs for other spokes?

I'm trying to create a three level network where the center of it all is the corporate office. The corporate office is the Hub for the main branch offices, and the remote branch offices are spokes of the main branch offices.

Thank you for any help that you might be able to provide.

it is possible which is called by cisco DMVPN phase 3 ( and recomended) in your case is the hirarchical one(muti-hub). u have to make the HQ office the server and hub for the branches, then the branch offices will be the hubs for the remote offices

good luck

rate if useful

I've got HQ setup as a server and hub for the branches. To setup the branches as both a server and hub for the remotes, do I simply use a second Tunnel Interface? And if that's the case, I'm guessing that I would need to use a seperate network-id & tunnel key, but is there anything else that needs to distinguish the second mGRE as seperate?

Thank you for your previous reply. I've rated accordingly. If you're able to help me again, I'd be happy to accomidate.

hi there

i am sure the link bellow will help you to achive what you want

then i think you gonna increase your rating :)

the link:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps6658/prod_presentation0900aecd80313ca9.pdf

if you have anymore questions send me

thank you and good luck

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: