Solved

DMVPN mGRE vs IPSec VPN

Posted on 2014-07-30
4
620 Views
Last Modified: 2014-08-20
Hello Experts,

I'm looking for help compiling convincing arguments why my company should migrate from their existing IPSec VPN to Ciscos DMVPN.

Just so you know I fully understand why DMVPN is a better option if you were creating an IP VPN from scratch. However, I'm trying to convince the organisation to tear down existing and rebuild their IP VPN with Cisco's DMVPN.

I'm very interested to hear what experts come back with on this topic

cpatte7372
0
Comment
Question by:cpatte7372
  • 2
4 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 40229241
Some of my arguments would depend on existing configuration.
Are you running GRE over IPSEC in any way?
Are you using static routes to get traffic to go through the tunnels? Are these routes being redistributed into routing protocols?
Do you have multiple head ends or redundant tunnels?
Any need or desire for spoke to spoke traffic?
What hardware is used for the tunnels today? ASA's, routers, etc.
Any expected site growth or additions?
How often are changes made, such as adding/removing subnets at the hubs or spokes?
0
 

Author Comment

by:cpatte7372
ID: 40229376
We are running GRE over IPSEC in tunnel mode
We use static routes which are being redistributed into eigrp
We have multiple headends.
Spoke to spoke allows for a fully meshed environment.
We use 887 for the tunnels.
There is a mild expectation in growth,


So, what do you experts think?
0
 
LVL 22

Accepted Solution

by:
Matt V earned 500 total points
ID: 40268517
Switching to the DMVPN model with what you describe would:
- lessen the amount of configuration on the hub router(s)
- make adding a new spoke easier/quicker
- allow dynamic tunnels between spokes only when traffic requires it
- would allow fully dynamic routing with no static route maintenance
- would allow for spoke sites with dynamic IPs (slightly less secure) if required
- should work find with 887 routers, less work for the routers with DMVPN versus specified tunnels
0
 

Author Closing Comment

by:cpatte7372
ID: 40272367
Cheers
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now