05-21-2010 07:28 PM
I have vpn to my branched accross SP MPLS. I want security for my traffic. Which is the best , I am looking at Cisco Get VPN, is DMVPN possibleb???
05-23-2010 05:40 AM
Hello Just,
in Cisco MPLS L3 VPN encryption can be performed from CE to CE there is no encryption service on the PE node.
I tested DMVPN between VRF sites of a standard any-to-any MPLS L3 VPN with positive results.
I can only guess that you could use GET VPN as well but I haven't tested this.
Hope to help
Giuseppe
05-24-2010 08:18 AM
Hi Just
DMVPN is good solution , If you want to build security over MPLS Cloud.
I had tested the same & it is working fine. I suggest to go with DMVPN with Dual HUB , So it provide you Failover if you HUB router goes down.
Is is like you are creating your own Cloud over Service Provider MPLS cloud & You can use your own routing Protocol ( I Suggest you to go with EIGRP).
Regards
Chetan Kumar
05-27-2010 06:59 PM
I just had a discussion about this same topic with my Cisco SE today. We concluded that GET VPN is a better choice for MPLS VPN environment because GET VPN is specifically designed for MPLS VPN. In addition, depending on how many hub routers you have, DMVPN can get quite complex. In my case, we have 3 data centers. Each data center has two WAN routers. Each branch office CE has to have 6 different tunnels to each hub router. Also I need to configure daisey-chain between all 6 hub routers. On top of that, you need to run a separate routing protocol.
All in all, if you have two hub routers, DMVPN is fine. If you have more than that, I woud look at GET VPN.
05-28-2010 06:22 AM
Hi Kevin
as you mention your network from my point of view GET VPN is better solution rather than DMVPN .
Regards
Chetan kumar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: