Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Difference between DMVPN phase1 and Phase 2

Posted on 2014-10-18
4
Medium Priority
?
1,078 Views
Last Modified: 2014-10-22
I have done some reading online trying to understand the difference between DMVPN phase 1 and Phase 2, but still cannot tell the difference other than  IPsec configuration added for phase2
 
Any clear explanation will be very much appreciated.

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 400 total points
ID: 40390143
Crudely...

Phase1 is where IKE authenticates the VPN session, ensuring that a common set of security association protocols are used.  Phase 2 is where IPSec sets up the encryption.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1600 total points
ID: 40391921
I believe you are talking about DMVPN phase I, II, III which is a little different.

DMVPN Phase I: This phase involves configuring a single mGRE interface on the hub, and all the spokes are still static tunnels so you won’t get any dynamic spoke-to-spoke connectivity. The only advantage of the phase I setup is the fact the hub router’s configuration is much simpler.

DMVPN Phase II: This phase involves everysite being configured with mGRE interface so you get your dynamic spoke-to-spoke connectivity, no more static tunnel destination’s will be configured.

DMVPN Phase III: This phase expands on the scalability of the DMVPN network. This involve summarizing into the DMVPN cloud to provide (Remember EIGRP allows us to summarize out interfaces and BGP allows us to advertise aggregate addresses to neighbors). Along with configuring NHRP redirects and NHRP shortcut switching. NHRP redirects tells the source to find a better path to the destination it is trying to reach. NHRP shortcuts allow DMVPN to learn about other networks behind other DMVPN routers (kind of like ARP for DMVPN). However Phase III will get it’s own post later on.


harbor235 ;}
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 400 total points
ID: 40391961
Perhaps you can clarify whether you're talking about DMVPN specifically, or just the IPSec VPN part (which also applies when configuring DMVPN)?
0
 

Author Closing Comment

by:jskfan
ID: 40396769
I was talking about DMVPN specifically.

Thank you Guys!!
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question