Solved

Difference between DMVPN phase1 and Phase 2

Posted on 2014-10-18
4
954 Views
Last Modified: 2014-10-22
I have done some reading online trying to understand the difference between DMVPN phase 1 and Phase 2, but still cannot tell the difference other than  IPsec configuration added for phase2
 
Any clear explanation will be very much appreciated.

Thanks
0
Comment
Question by:jskfan
  • 2
4 Comments
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 40390143
Crudely...

Phase1 is where IKE authenticates the VPN session, ensuring that a common set of security association protocols are used.  Phase 2 is where IPSec sets up the encryption.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 400 total points
ID: 40391921
I believe you are talking about DMVPN phase I, II, III which is a little different.

DMVPN Phase I: This phase involves configuring a single mGRE interface on the hub, and all the spokes are still static tunnels so you won’t get any dynamic spoke-to-spoke connectivity. The only advantage of the phase I setup is the fact the hub router’s configuration is much simpler.

DMVPN Phase II: This phase involves everysite being configured with mGRE interface so you get your dynamic spoke-to-spoke connectivity, no more static tunnel destination’s will be configured.

DMVPN Phase III: This phase expands on the scalability of the DMVPN network. This involve summarizing into the DMVPN cloud to provide (Remember EIGRP allows us to summarize out interfaces and BGP allows us to advertise aggregate addresses to neighbors). Along with configuring NHRP redirects and NHRP shortcut switching. NHRP redirects tells the source to find a better path to the destination it is trying to reach. NHRP shortcuts allow DMVPN to learn about other networks behind other DMVPN routers (kind of like ARP for DMVPN). However Phase III will get it’s own post later on.


harbor235 ;}
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 40391961
Perhaps you can clarify whether you're talking about DMVPN specifically, or just the IPSec VPN part (which also applies when configuring DMVPN)?
0
 

Author Closing Comment

by:jskfan
ID: 40396769
I was talking about DMVPN specifically.

Thank you Guys!!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question