DMVPN over GETVPN

Unanswered Question
Reza Sharifi Sun, 04/04/2010 - 07:54
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hello Alsayed,


Here are some explanations for both technologies:


Q.What is Cisco Group Encrypted Transport VPN?

A.Cisco Group Encrypted Transport is a next-generation WAN VPN solution that defines a new category of VPN, one that does not use traditional point-to-point tunnels. For the first time, it eliminates the need to make the compromise between network intelligence and data privacy. This new security model introduces the concept of "trusted" group member routers, which use a common security methodology that is independent of any point-to-point relationship. By eliminating point-to-point tunnels, Cisco Group Encrypted Transport VPNs can scale much higher while accommodating multicast applications and instantaneous branch-to-branch transactions.

DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is combination of the following technologies:

1) Multipoint GRE (mGRE)
2) Next-Hop Resolution Protocol (NHRP)
4) Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
3) Dynamic IPsec encryption
5) Cisco Express Forwarding (CEF)

HTH
Reza
Jennifer Halim Sun, 04/04/2010 - 23:43
User Badges:
  • Cisco Employee,

Normally GetVPN is used if there are requirement for huge fully meshed network, and it also have native multicast support. For GetVPN you would need to have a requirement to have at least 1 KS (Key Server) and the function if KS is purely for key distribution, and it can't participate in the VPN.

Compared to DMVPN, the underlying technology is GRE (it's multipoint GRE tunnel), and you would need to configure IPSec on top of it to encrypt the GRE tunnels.


Here is more information on DMVPN:

http://www.cisco.com/en/US/products/ps6658/index.html


And more on GetVPN:

http://www.cisco.com/en/US/products/ps7180/index.html


Hope that helps.

Actions

This Discussion