Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN over GETVPN

Hello Experts

When and  Where should be use DMVPN over GETVPN and Vice versa?plz explain it from both technical and Cost Point of view

Thanks

4 REPLIES
VIP Super Bronze

Re: DMVPN over GETVPN

Hello Alsayed,

Here are some explanations for both technologies:

Q.What is Cisco Group Encrypted Transport VPN?

A.Cisco Group Encrypted Transport is a next-generation WAN VPN solution that defines a new category of VPN, one that does not use traditional point-to-point tunnels. For the first time, it eliminates the need to make the compromise between network intelligence and data privacy. This new security model introduces the concept of "trusted" group member routers, which use a common security methodology that is independent of any point-to-point relationship. By eliminating point-to-point tunnels, Cisco Group Encrypted Transport VPNs can scale much higher while accommodating multicast applications and instantaneous branch-to-branch transactions.

DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is combination of the following technologies:

1) Multipoint GRE (mGRE)
2) Next-Hop Resolution Protocol (NHRP)
4) Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
3) Dynamic IPsec encryption
5) Cisco Express Forwarding (CEF)

HTH
Reza
New Member

Re: DMVPN over GETVPN

Hello Riza

thanks for ur reply;just 1 question more? what is the criteria to choose either DMVPN or GETVPN for customer, what is the base criteria to choose each to meet the requirment?

Thanks

Cisco Employee

Re: DMVPN over GETVPN

Normally GetVPN is used if there are requirement for huge fully meshed network, and it also have native multicast support. For GetVPN you would need to have a requirement to have at least 1 KS (Key Server) and the function if KS is purely for key distribution, and it can't participate in the VPN.

Compared to DMVPN, the underlying technology is GRE (it's multipoint GRE tunnel), and you would need to configure IPSec on top of it to encrypt the GRE tunnels.

Here is more information on DMVPN:

http://www.cisco.com/en/US/products/ps6658/index.html

And more on GetVPN:

http://www.cisco.com/en/US/products/ps7180/index.html

Hope that helps.

New Member

Re: DMVPN over GETVPN

thanks

963
Views
10
Helpful
4
Replies