Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

dmvpn or getvpn or DVTI

Hello

actually i have situation as discuss below and I'm confused about design and implement which VPN topology i have to choose DMVPN, GETVPN or DVTI

 

i have 4 branch and 1 main site, branches have 2 connectivity to HQ one via INTERNET an another via MPLS, so i want to have Fail-over on links and also have secure tunnel on both ways

Best Regards

John Mayer

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

GETVPN is not meant to be

GETVPN is not meant to be used over the internet. So this is not the solution.

With this small amount of sites I would configure static VTIs over MPLS and use DVTIs on the internet if the branches have dynamic IPs. If the branches also have static IPs, I would configure these links also with staid VTIs.

DMVPN could also be used in this scenario, but the protocol overhead is not needed in this small-scale-scenario.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Cisco Employee

John, Contrary to what

John,

 

Contrary to what Karsten suggested, I think DMVPN would be a good way to go with 15 sites. Once you get everything up and working, it is extremely easy to add new sites with no changes needed on your Hub router. Here's a guide which discusses DMVPN configured in a dual Hub dual cloud scenario: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html#dualhubdual

 

You could easily use EIGRP to exchange routes and configure failover if one of the Hubs or tunnels goes down. This document discusses having two physical Hubs, but you can easily configure both DMVPN clouds on a single Hub router.

 

Here's a document which has some DMVPN FAQs: https://supportforums.cisco.com/document/50111/dynamic-multipoint-vpn-dmvpn-design-and-positioning-questions-and-answers-live#Q._What_are_the_advantagesdisadvantages_of_using_DMVPN_or_VTI

 

HTH,

Frank

3 REPLIES
VIP Purple

GETVPN is not meant to be

GETVPN is not meant to be used over the internet. So this is not the solution.

With this small amount of sites I would configure static VTIs over MPLS and use DVTIs on the internet if the branches have dynamic IPs. If the branches also have static IPs, I would configure these links also with staid VTIs.

DMVPN could also be used in this scenario, but the protocol overhead is not needed in this small-scale-scenario.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

thanks for your replaymaybe

thanks for your replay

maybe we have to extend our branches up to 15 until end of the year,

in my opinion we can have two DMVPN interface but with single HUB and have EIGRP routing for failover links

is it possible???

and for implementation and maintenance which one of Static VTI or DMVPN you perefer???

Cisco Employee

John, Contrary to what

John,

 

Contrary to what Karsten suggested, I think DMVPN would be a good way to go with 15 sites. Once you get everything up and working, it is extremely easy to add new sites with no changes needed on your Hub router. Here's a guide which discusses DMVPN configured in a dual Hub dual cloud scenario: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html#dualhubdual

 

You could easily use EIGRP to exchange routes and configure failover if one of the Hubs or tunnels goes down. This document discusses having two physical Hubs, but you can easily configure both DMVPN clouds on a single Hub router.

 

Here's a document which has some DMVPN FAQs: https://supportforums.cisco.com/document/50111/dynamic-multipoint-vpn-dmvpn-design-and-positioning-questions-and-answers-live#Q._What_are_the_advantagesdisadvantages_of_using_DMVPN_or_VTI

 

HTH,

Frank

436
Views
4
Helpful
3
Replies