You are here
SEC0001 - DMVPN Phase 1 and 2
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video extends our previous knowledge on NHRP (see videos RS0015, RS0016) by adding IPSec and form DMVPN. We walk through the crypto configuration and point out the specific to support dynamic IPSec tunnel creation for spoke-to-spoke communication. DMVPN is one of the most popular forms of WAN connectivity over internet due to the low configuration requirement and ability to allow additional sites to be brought up with minimal effort, without modifying the Hub configuration.
Topic includes
- DMVPN Phase 1 and 2
- IPSec configuration with 'tunnel protection
Notes:
- Use tunnel mode transport if IPSec terminates on the same device as GRE and save 20 bytes of an IP header per packet.
- Tunnel mode on Hub and Spoke routers do not need to match. If only Hub-and-Spoke is required, Spoke can operate on point-to-point mode (default) instead of multipoint.