Dynamic Multipoint Virtual Private Network

from Wikipedia, the free encyclopedia
Each spoke router has a permanent IPsec tunnel to the hub router (red lines), and the temporary IPsec tunnels between individual spoke routers are set up dynamically as required (dashed lines).

Dynamic Multipoint Virtual Private Network (DMVPN) is used in hub-and-spoke networks to relieve the hub router when multiple spoke routers want to establish connections with each other. DMVPN is Cisco proprietary and, despite "dynamic" in its name, is a site-to-site VPN.

Use

The configuration of traditional VPN connections in a hub-and-spoke environment can be quite large and complicated, depending on the number of spoke routers. Every hub router needs its own ISAKMP peer statements, GRE tunnels, crypto ACLs and crypto maps.

DMVPN solves many problems by using existing technologies such as IPsec, GRE tunnels and NHRP (Next Hop Resolution Protocol). On hub routers, only one mGRE interface and one IPsec profile are used for all connections. Even if a new spoke router is added, no further settings need to be made on the hub router.

Connection establishment

Spoke routers learn about each other with the help of a dynamic routing protocol (mostly OSPF or EIGRP, but other protocols are also supported). DMVPN also supports several hub routers, so the connections can be designed redundantly. DMVPN is fully meshed, so load balancing is also possible.

Distribution

DMVPN is used, among other things, for ATMs and other POS terminals to guarantee the highest possible reliability.
