Is this possible? I'm working on a project involving more than 500 remote sites coming in over ATT's MPLS cloud. The plan is to deploy DMVPN over the ATT MPLS cloud and enable MPLS over the tunnels so we can service multiple VRFs at the remote sites without deploying multiple PVCs from ATT. Hence we're doing this to avoid deploying VRF-lite with multiple PVCs, since such a design does not scale for us. We requested CsC service from ATT but that was turned down, hence the 2547oDMVPN approach, but without IPsec. In place of IPsec we plan on using GETVPN for encryption, and so far we've not been successful. We have GETVPN deployed on our current p2p WAN circuits (these circuits are being replaced with the ATT MPLS service), so it makes sense for us to continue offering this service to the units we provide services for.
In this deployment, every remote site router (c2811) is a PE. The PEs peer with ATT. There are two ASR 1006 routers. These are the DMVPN hubs. A multipoint GRE tunnel from the hub connects to all the remote sites. This is a dual hub and dual DMVPN cloud setup for redundancy. The DMVPN hubs and the remotes are all in one AS. The DMVPN hubs then peer with the campus network. The campus network is one AS. The DMVPN cloud is running BGP with MPLS enabled on the tunnels.
Would appreciate any help in getting GETVPN to work in this deployment environment. Will send diagrams and configs if asked for.