User manual

25 Dynamic Multipoint Virtual Private Network (DMVPN)
Dynamic Multipoint Virtual Private Network (DMVPN) is a scalable method of
creating VPN IPSec networks. DMVPN is a suite of three protocols: NHRP, mGRE
and IPSec, used to dynamically create VPN tunnels between different endpoints
in the network without having to pre-configure each device with the VPN details
of the rest of the endpoints in the network.
25.1 The advantage of using DMVPN
• Using DMVPN eliminates the need for IPSec configuration on the physical
  interface. This reduces the number of lines of configuration required for a
  VPN development. For example, for a 1000-site deployment, DMVPN
  reduces the configuration effort at the HUB from 3900 lines to 13.
• Adding new peers (spokes) to the VPN requires no changes at the HUB.
• Better scalability of the network.
• Dynamic IP addresses can be used at the peers’ site.
• Spokes can be connected in a private or public network.
• NHRP NAT extension allows spoke-to-spoke tunnels to be built, even if
  one or more spokes are behind a Network Address Translation (NAT)
  device.
• New HUBs can be added to the network to improve performance and
  reliability.
• Ability to carry multicast and main routing protocols traffic (RIP, OSPF,
  BGP).
• DMVPN can be deployed using Activator, the Virtual Access automated
  provisioning system.
• Simplifies branch communications by enabling direct branch-to-branch
  connectivity.
• Simplifies configuration on the spoke routers. The same IPSec template
  configuration is used to create spoke-to-hub and spoke-to-spoke VPN
  IPSec tunnels.
• Improves business resiliency by preventing disruption of business-critical
  applications and services by incorporating routing with standards-based
  IPsec technology.
25.2 DMVPN scenarios
Scenario 1: Spoke1, Spoke2 and a hub are in the same public or private
network
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 163 of 255