Securing VPN accross MPLS croud

Unanswered Question
May 21st, 2010

I have vpn to my branched accross SP MPLS. I want security for my traffic. Which is the best , I am looking at Cisco Get VPN, is DMVPN possibleb???

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Sun, 05/23/2010 - 05:40

Hello Just,

in Cisco MPLS L3 VPN encryption can be performed from CE to CE there is no encryption service on the PE node.

I tested DMVPN between VRF sites of a standard any-to-any MPLS L3 VPN with positive results.

I can only guess that you could use GET VPN as well but I haven't tested this.

Hope to help


Chetan Kumar Ress Mon, 05/24/2010 - 08:18

Hi Just

DMVPN is good solution , If you want to build security over MPLS Cloud.

I had tested the same & it is working fine. I suggest to go with DMVPN with Dual HUB , So it provide you Failover if you HUB router goes down.

Is is like you are creating your own Cloud over Service Provider MPLS cloud & You can use your own routing Protocol ( I Suggest you to go with EIGRP).


Chetan Kumar Thu, 05/27/2010 - 18:59

I just had a discussion about this same topic with my Cisco SE today.  We concluded that GET VPN is a better choice for MPLS VPN environment because GET VPN is specifically designed for MPLS VPN.  In addition, depending on how many hub routers you have, DMVPN can get quite complex.  In my case, we have 3 data centers.  Each data center has two WAN routers.  Each branch office CE has to have 6 different tunnels to each hub router.  Also I need to configure daisey-chain between all 6 hub routers.  On top of that, you need to run a separate routing protocol.

All in all, if you have two hub routers, DMVPN is fine.  If you have more than that, I woud look at GET VPN.  

Chetan Kumar Ress Fri, 05/28/2010 - 06:22

Hi Kevin

as you mention your network from my point of view GET VPN is better solution rather than DMVPN .


Chetan kumar


This Discussion