Solved

Difference between DMVPN phase1 and Phase 2

Posted on 2014-10-18
4
1,044 Views
Last Modified: 2014-10-22
I have done some reading online trying to understand the difference between DMVPN phase 1 and Phase 2, but still cannot tell the difference other than  IPsec configuration added for phase2
 
Any clear explanation will be very much appreciated.

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 40390143
Crudely...

Phase1 is where IKE authenticates the VPN session, ensuring that a common set of security association protocols are used.  Phase 2 is where IPSec sets up the encryption.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 400 total points
ID: 40391921
I believe you are talking about DMVPN phase I, II, III which is a little different.

DMVPN Phase I: This phase involves configuring a single mGRE interface on the hub, and all the spokes are still static tunnels so you won’t get any dynamic spoke-to-spoke connectivity. The only advantage of the phase I setup is the fact the hub router’s configuration is much simpler.

DMVPN Phase II: This phase involves everysite being configured with mGRE interface so you get your dynamic spoke-to-spoke connectivity, no more static tunnel destination’s will be configured.

DMVPN Phase III: This phase expands on the scalability of the DMVPN network. This involve summarizing into the DMVPN cloud to provide (Remember EIGRP allows us to summarize out interfaces and BGP allows us to advertise aggregate addresses to neighbors). Along with configuring NHRP redirects and NHRP shortcut switching. NHRP redirects tells the source to find a better path to the destination it is trying to reach. NHRP shortcuts allow DMVPN to learn about other networks behind other DMVPN routers (kind of like ARP for DMVPN). However Phase III will get it’s own post later on.


harbor235 ;}
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 40391961
Perhaps you can clarify whether you're talking about DMVPN specifically, or just the IPSec VPN part (which also applies when configuring DMVPN)?
0
 

Author Closing Comment

by:jskfan
ID: 40396769
I was talking about DMVPN specifically.

Thank you Guys!!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month9 days, 3 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question