Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN site to site tunnel?

Dear All,

This  is regarding the DMVPN using mGRE. I want to know that spoke to spoke  traffic passes through hub or it will create the direct tunnel between  spoke to spoke?

Thank You,

Abhisar

Everyone's tags (1)
2 REPLIES
Super Bronze

DMVPN site to site tunnel?

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Depends how you've configure it.  It can do either.

New Member

DMVPN site to site tunnel?

depending on your design you can forces all spoke to spoke traffic to go to the hub OR

spoke to spoke traffic can build dynamic tunnels between each other

the later is a very nice design that does not require each spoke to know about other spokes ahead of time

i more often though prevent this. i require all spoke traffic to transit the hub. i do this when spokes require inet access. This allows me to have a more robust control access to the inet. if you allow spokes to access through a split tunnel arangement, you risk a spoke being infected, a tougher job controlling each spoke, more work looking at numerous log and access files and worse, a bad spoke infecting other sites.

play it safe, controll access the the inet from a single source

225
Views
0
Helpful
2
Replies