DMVPN mGRE vs IPSec VPN

Hello Experts,

I'm looking for help compiling convincing arguments why my company should migrate from their existing IPSec VPN to Ciscos DMVPN.

Just so you know I fully understand why DMVPN is a better option if you were creating an IP VPN from scratch. However, I'm trying to convince the organisation to tear down existing and rebuild their IP VPN with Cisco's DMVPN.

I'm very interested to hear what experts come back with on this topic

cpatte7372
cpatte7372Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rauenpcCommented:
Some of my arguments would depend on existing configuration.
Are you running GRE over IPSEC in any way?
Are you using static routes to get traffic to go through the tunnels? Are these routes being redistributed into routing protocols?
Do you have multiple head ends or redundant tunnels?
Any need or desire for spoke to spoke traffic?
What hardware is used for the tunnels today? ASA's, routers, etc.
Any expected site growth or additions?
How often are changes made, such as adding/removing subnets at the hubs or spokes?
0
cpatte7372Author Commented:
We are running GRE over IPSEC in tunnel mode
We use static routes which are being redistributed into eigrp
We have multiple headends.
Spoke to spoke allows for a fully meshed environment.
We use 887 for the tunnels.
There is a mild expectation in growth,


So, what do you experts think?
0
Matt VCommented:
Switching to the DMVPN model with what you describe would:
- lessen the amount of configuration on the hub router(s)
- make adding a new spoke easier/quicker
- allow dynamic tunnels between spokes only when traffic requires it
- would allow fully dynamic routing with no static route maintenance
- would allow for spoke sites with dynamic IPs (slightly less secure) if required
- should work find with 887 routers, less work for the routers with DMVPN versus specified tunnels
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cpatte7372Author Commented:
Cheers
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.