Solved

DMVPN mGRE vs IPSec VPN

Posted on 2014-07-30
4
683 Views
Last Modified: 2014-08-20
Hello Experts,

I'm looking for help compiling convincing arguments why my company should migrate from their existing IPSec VPN to Ciscos DMVPN.

Just so you know I fully understand why DMVPN is a better option if you were creating an IP VPN from scratch. However, I'm trying to convince the organisation to tear down existing and rebuild their IP VPN with Cisco's DMVPN.

I'm very interested to hear what experts come back with on this topic

cpatte7372
0
Comment
Question by:cpatte7372
  • 2
4 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 40229241
Some of my arguments would depend on existing configuration.
Are you running GRE over IPSEC in any way?
Are you using static routes to get traffic to go through the tunnels? Are these routes being redistributed into routing protocols?
Do you have multiple head ends or redundant tunnels?
Any need or desire for spoke to spoke traffic?
What hardware is used for the tunnels today? ASA's, routers, etc.
Any expected site growth or additions?
How often are changes made, such as adding/removing subnets at the hubs or spokes?
0
 

Author Comment

by:cpatte7372
ID: 40229376
We are running GRE over IPSEC in tunnel mode
We use static routes which are being redistributed into eigrp
We have multiple headends.
Spoke to spoke allows for a fully meshed environment.
We use 887 for the tunnels.
There is a mild expectation in growth,


So, what do you experts think?
0
 
LVL 22

Accepted Solution

by:
Matt V earned 500 total points
ID: 40268517
Switching to the DMVPN model with what you describe would:
- lessen the amount of configuration on the hub router(s)
- make adding a new spoke easier/quicker
- allow dynamic tunnels between spokes only when traffic requires it
- would allow fully dynamic routing with no static route maintenance
- would allow for spoke sites with dynamic IPs (slightly less secure) if required
- should work find with 887 routers, less work for the routers with DMVPN versus specified tunnels
0
 

Author Closing Comment

by:cpatte7372
ID: 40272367
Cheers
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question