Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1306
Views
10
Helpful
4
Replies

DMVPN over GETVPN

alsayed
Level 1
Level 1

‎04-04-2010 02:32 AM - edited ‎03-04-2019 08:01 AM

Hello Experts

When and  Where should be use DMVPN over GETVPN and Vice versa?plz explain it from both technical and Cost Point of view

Thanks

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-04-2010 07:54 AM

Hello Alsayed,

Here are some explanations for both technologies:

Q.What is Cisco Group Encrypted Transport VPN?

A.Cisco Group Encrypted Transport is a next-generation WAN VPN solution that defines a new category of VPN, one that does not use traditional point-to-point tunnels. For the first time, it eliminates the need to make the compromise between network intelligence and data privacy. This new security model introduces the concept of "trusted" group member routers, which use a common security methodology that is independent of any point-to-point relationship. By eliminating point-to-point tunnels, Cisco Group Encrypted Transport VPNs can scale much higher while accommodating multicast applications and instantaneous branch-to-branch transactions.

DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is combination of the following technologies:

1) Multipoint GRE (mGRE)
2) Next-Hop Resolution Protocol (NHRP)
4) Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
3) Dynamic IPsec encryption
5) Cisco Express Forwarding (CEF)

http://blog.ine.com/2008/08/02/dmvpn-explained/
HTH
Reza

alsayed
Level 1
Level 1
In response to Reza Sharifi

‎04-04-2010 10:58 PM

Hello Riza

thanks for ur reply;just 1 question more? what is the criteria to choose either DMVPN or GETVPN for customer, what is the base criteria to choose each to meet the requirment?

Thanks

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to alsayed

‎04-04-2010 11:43 PM

Normally GetVPN is used if there are requirement for huge fully meshed network, and it also have native multicast support. For GetVPN you would need to have a requirement to have at least 1 KS (Key Server) and the function if KS is purely for key distribution, and it can't participate in the VPN.

Compared to DMVPN, the underlying technology is GRE (it's multipoint GRE tunnel), and you would need to configure IPSec on top of it to encrypt the GRE tunnels.

Here is more information on DMVPN:

http://www.cisco.com/en/US/products/ps6658/index.html

And more on GetVPN:

http://www.cisco.com/en/US/products/ps7180/index.html

Hope that helps.

alsayed
Level 1
Level 1
In response to Jennifer Halim

‎04-07-2010 11:41 PM

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card