IPSec and Dynamic Virtual Private Networks

Hub-and-spoke configurations can be complex to configure when spoke routers need to establish VPNs with other spokes on either a temporary or permanent basis. Fortunately, the Dynamic Multipoint VPN (DMVPN) feature allows administrators to better scale large and small IPSec VPNs by combining GRE tunnels, IPSec encryption, and Next Hop Resolution Protocol (NHRP).

Some of the major benefits of DMVPN include the following:

  • Hub router configuration reduction— The DMVPN feature allows administrators to configure a single multipoint GRE tunnel interface and a single IPSec profile, with no crypto access lists on the hub router to handle all spoke routers. This keeps the size of the configuration on the hub ...

Get CCSP Self-Study: Securing Cisco IOS Networks (SECUR) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.