Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GETVPN or DMPVN

Hi

I am researching an easy to manage, full mesh Internet VPN solution across the internet for several sites.

What would be a better solution on the ISR, DMVPN or GETVPN

Thoughts, opinions, comments welcome

cheers

TT

3 REPLIES
Cisco Employee

Re: GETVPN or DMPVN

I dont think GETVPN is even an option, since you mentioned IPSEC Across the internet. GETVPN requires private MPLS. So, your option is to go with DMVPN.

Regards,

Arul

New Member

Re: GETVPN or DMPVN

Thankyou Arul

Is it possible to explain in two sentences why GETVPN isn't supported across the internet?

Thanks

TT

Cisco Employee

Re: GETVPN or DMPVN

In GETVPN, the original IP Header is preserved and a copy of the original IP Header is placed in front of the ESP. If you look through the below URL, "Figure 2" compares the encrypted packet in IPSEC and Group Encrypted Transport. In traditional IPSEC, there is a new IP header that is typically, the VPN Servers outside IP Address which is valid routable IP's on the internet. In GET, since the encrypted packets contains a copy of the original IP Header, most of the time the packets are private and not routable on the internet.

GET technology suits MPLS VPN Environment, because your networks are put into a VRF and switched across the Service Provided Network.

Please refer the below URL for details:

http://www.cisco.com/en/US/products/ps6635/products_data_sheet0900aecd80582067.html

Regards,

Arul

350
Views
0
Helpful
3
Replies