Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
10
Helpful
5
Replies

what is the use cases to choose/prefer one of the below WAN VPN tech over other

Ibrahim Jamil
Level 6
Level 6

‎03-16-2018 04:44 AM - edited ‎03-05-2019 10:07 AM

Hi

 

what is the use cases to choose/prefer one of the below VPN tech over other

 

 

DMVPN :as per my knowledge , DMVPN works over internet

 

GETVPN

 

FLEXvPN

Labels:
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎03-16-2018 04:57 AM

Hi,

 

Try page 25 on this cisco live presentation

 

Ultimately:

 

DMVPN/FlexVPN - both work over the internet.

DMVPN is preferred for large scale Hub-Spoke + Spoke-to-Spoke

FlexVPN is preferred for Hub-Spoke, IOT and remote access

GETVPN - Private IP network only (MPLS), preserves IP header, so not routable on internet.

 

What is your use case? perhaps we can identify which best fits your requirements

HTH

Ibrahim Jamil
Level 6
Level 6
In response to Rob Ingram

‎03-17-2018 02:45 AM

thanks RJI

 

Will post things here later , stay tuned :) ,

 

so far we choosed DMVPN  with dual hub , 2 x 2921 routers sits in DMZ Behind Firewall

 

any online document

 

thanks

 

 

 

0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Rob Ingram

‎03-17-2018 09:58 AM

Hello Raji

 

thanks for usefull links

 

I need config example while the Dual VPN routers sits in DMZ behind  dual firewalls , non-of the above mentioned that

 

 

thanks

0 Helpful

Rob Ingram
VIP
VIP
In response to Ibrahim Jamil

‎03-17-2018 10:44 AM

I doubt there are any/many post out there matching your exact scenario, but at a minimum you will need to allow the traffic on your firewall:

If not natting - UDP 500 and ESP
If natting UDP 500 and UDP 4500 (ESP would be encapsulated inside UDP 4500, so you don't specifically need to allow that).

If natting, when it comes to the configuration of the spokes you'd need to specify the nbma address of the Hub to be the natted IP address.

HTH
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card