Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Difference between DMVPN phase1 and Phase 2

Posted on 2014-10-18
4
Medium Priority
?
1,098 Views
Last Modified: 2014-10-22
I have done some reading online trying to understand the difference between DMVPN phase 1 and Phase 2, but still cannot tell the difference other than  IPsec configuration added for phase2
 
Any clear explanation will be very much appreciated.

Thanks
0
Comment
Question by:jskfan
  • 2
4 Comments
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 400 total points
ID: 40390143
Crudely...

Phase1 is where IKE authenticates the VPN session, ensuring that a common set of security association protocols are used.  Phase 2 is where IPSec sets up the encryption.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1600 total points
ID: 40391921
I believe you are talking about DMVPN phase I, II, III which is a little different.

DMVPN Phase I: This phase involves configuring a single mGRE interface on the hub, and all the spokes are still static tunnels so you won’t get any dynamic spoke-to-spoke connectivity. The only advantage of the phase I setup is the fact the hub router’s configuration is much simpler.

DMVPN Phase II: This phase involves everysite being configured with mGRE interface so you get your dynamic spoke-to-spoke connectivity, no more static tunnel destination’s will be configured.

DMVPN Phase III: This phase expands on the scalability of the DMVPN network. This involve summarizing into the DMVPN cloud to provide (Remember EIGRP allows us to summarize out interfaces and BGP allows us to advertise aggregate addresses to neighbors). Along with configuring NHRP redirects and NHRP shortcut switching. NHRP redirects tells the source to find a better path to the destination it is trying to reach. NHRP shortcuts allow DMVPN to learn about other networks behind other DMVPN routers (kind of like ARP for DMVPN). However Phase III will get it’s own post later on.


harbor235 ;}
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 400 total points
ID: 40391961
Perhaps you can clarify whether you're talking about DMVPN specifically, or just the IPSec VPN part (which also applies when configuring DMVPN)?
0
 

Author Closing Comment

by:jskfan
ID: 40396769
I was talking about DMVPN specifically.

Thank you Guys!!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question