A friend recently wrote several blog posts about DMVPN with various routing protocols. Good stuff. On a side note - that blog is also an awesome Nexus resource.

http://www.fryguy.net/2011/08/03/dmvpn/
http://www.fryguy.net/2011/08/04/dmvpn-and-routing-protocols-ospf/
http://www.fryguy.net/2011/08/05/dmvpn-and-routing-protocols-%E2%80%93-eigrp/
http://www.fryguy.net/2011/08/05/dmvpn-and-routing-protocols-rip/
http://www.fryguy.net/2011/08/06/dmvpn-and-routing-protocols-bgp/
http://www.fryguy.net/2011/08/07/dmvpn-and-routing-protocols-%e2%80%93-cdp/

On Tue, Aug 9, 2011 at 1:36 AM, Matt Hill <[email protected]> wrote:

> This is pretty much the same as all I have been able to find so far,
> and further confirms my previous thoughts.
>
> The client swore when I asked him about DMVPN, so I will chase up his
> issue. Currently they have a large number of sites (~150) with a full
> mesh IPsec solution. It's a real PITA when it comes time to add a new
> site!*
>
> Thanks for the input guys!
>
> Cheers,
> Matt
>
> CCIE #22386
> CCSI $31207
>
> *Glad that one is some other guy's problem
>
> On 9 August 2011 15:12, Rogelio Gamino <[email protected]> wrote:
> > Check the second bullet point on page 44.
> >
> > http://www.cisco.com/web/strategy/docs/gov/IntegNet_Feb17_915_Lynn.pdf
> >
> > Will DMVPN work?
> >
> > On Aug 8, 2011, at 10:02 PM, Matt Hill wrote:
> >
> >> Hi There,
> >>
> >> NLR - Not List Related. If this does not interest you, then please
> >> ignore/delete, otherwise, please continue.
> >>
> >> A client of mine is interested in using GETVPN to simplify full-mesh
> >> IPSec deployments. They have a requirement to hide the IPs of the
> >> hosts talking over the VPN. This is currently done via sending
> >> everything down a GRE tunnel so the only traffic seen over the network
> >> is just the tunnel endpoints, as opposed to the talking hosts.
> >>
> >> Consider:
> >>
> >> HostA--R1--OtherNetwork--R2--HostB
> >>
> >> "OtherNetwork" being the transit network. Someone sitting in there
> >> only sees a bunch of encrypted traffic from R1 to R2 and vice-versa.
> >> They don't know it is HostA talking to HostB or some other host on each
> >> site. With GETVPN and IP Header Preservation (which has its merits)
> >> one can see the originating hosts, with the data being encrypted.
> >>
> >> So, is there any way to conceal the end host IP addresses whilst using
> >> GETVPN? The configuration guide just tells me how good IP Header
> >> Preservation is
> >> (http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_trns_vpn_ps10591_TSD_Products_Configuration_Guide_Chapter.html)
> >> and some Googling the best result I can find is that "By default,
> >> GETVPN preserves the header". The word "default" implies I can change
> >> this default behaviour somehow.
> >>
> >> Any help is appreciated.
> >>
> >> Cheers,
> >> Matt
> >>
> >> CCIE #22386
> >> CCSI #31207
> >> _______________________________________________
> >> For more information regarding industry leading CCIE Lab training,
> >> please visit www.ipexpert.com
> >>
> >> Are you a CCNP or CCIE and looking for a job? Check out
> >> www.PlatinumPlacement.com

--
Jay Taylor
CCIE #28391
@JTIE_6EE7
