Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Securing VPN accross MPLS croud

I have vpn to my branched accross SP MPLS. I want security for my traffic. Which is the best , I am looking at Cisco Get VPN, is DMVPN possibleb???

Hall of Fame Super Silver

Re: Securing VPN accross MPLS croud

Hello Just,

in Cisco MPLS L3 VPN encryption can be performed from CE to CE there is no encryption service on the PE node.

I tested DMVPN between VRF sites of a standard any-to-any MPLS L3 VPN with positive results.

I can only guess that you could use GET VPN as well but I haven't tested this.

Hope to help


Re: Securing VPN accross MPLS croud

Hi Just

DMVPN is good solution , If you want to build security over MPLS Cloud.

I had tested the same & it is working fine. I suggest to go with DMVPN with Dual HUB , So it provide you Failover if you HUB router goes down.

Is is like you are creating your own Cloud over Service Provider MPLS cloud & You can use your own routing Protocol ( I Suggest you to go with EIGRP).


Chetan Kumar

New Member

Re: Securing VPN accross MPLS croud

I just had a discussion about this same topic with my Cisco SE today.  We concluded that GET VPN is a better choice for MPLS VPN environment because GET VPN is specifically designed for MPLS VPN.  In addition, depending on how many hub routers you have, DMVPN can get quite complex.  In my case, we have 3 data centers.  Each data center has two WAN routers.  Each branch office CE has to have 6 different tunnels to each hub router.  Also I need to configure daisey-chain between all 6 hub routers.  On top of that, you need to run a separate routing protocol.

All in all, if you have two hub routers, DMVPN is fine.  If you have more than that, I woud look at GET VPN.  

Re: Securing VPN accross MPLS croud

Hi Kevin

as you mention your network from my point of view GET VPN is better solution rather than DMVPN .


Chetan kumar

CreatePlease to create content