Introduction. In this blog, I aim to go a little deeper into how the different DMVPN phases work and how to properly configure the routing. DMVPN Explained. DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short. Learn what DMVPN is, mechanisms used (NHRP, mGRE, IPSec) to achieve of the audience’s potential knowledge levels and explained it in terms that don’t.

Author: Akilkis Nabei
Country: Uganda
Language: English (Spanish)
Genre: Software
Published (Last): 16 July 2007
Pages: 495
PDF File Size: 16.75 Mb
ePub File Size: 4.14 Mb
ISBN: 139-8-61376-584-8
Downloads: 95112
Price: Free* [*Free Regsitration Required]
Uploader: Malalabar

DMVPN consists of two mainly deployment designs:. In both cases, the Hub router is assigned a static public IP Address while the branch routers spokes can be assigned static or dynamic public IP addresses. The Hub router undertakes the role of the server while the spoke routers act as the clients. It is important to note that mGRE interfaces do not have a tunnel destination.


Because mGRE tunnels do not have a tunnel destination defined, they cannot be used alone. DMVPN provides a number of benefits which have explaine make them very popular and highly recommended.

Understanding Cisco Dynamic Multipoint VPN – DMVPN, mGRE, NHRP

As stated, DMVPN greatly reduces the necessary configuration in a large scale VPN network by eliminating the necessity for crypto maps and other configuration requirements. The following requirements have been calculated for a traditional VPN network of a company with a central hub and 30 remote offices.

All spokes connect directly to the hub using a tunnel interface. The hub router is configured with three separate tunnel interfaces, one for each spoke:.

Understanding Cisco DMVPN | CiscoZine

In addition, the hub router has three GRE tunnels configured, one for each spoke, making the overall configuration more complicated. In case no routing protocol is used in our VPN network, the addition of one more spoke would mean configuration changes to all routers so that the new spoke is reachable by everyone.


Lastly, traffic between spokes in a point-to-point GRE VPN network must pass through the hub, wasting valuable bandwidth and introducing unnecessary bottlenecks. With mGRE, all spokes are configured with only one tunnel interface, no matter how many spokes they can connect to. All tunnel interfaces are part of the same network.

Understanding Cisco DMVPN

In our diagram below, this is network Furthermore, spoke-to-spoke traffic no longer needs to pass through the hub router but is sent directly from one spoke to another. The flexibility, stability and easy setup it provides are second-to-none, making explainedd pretty much the best VPN solution available these days for any type of network.

Deal with bandwidth spikes Free Download. Web Vulnerability Scanner Free Download.

Articles To Read Next: Unified Communications Components – Understanding Your