dmvpn cisco from kumarfield's blog

DMVPN allows data to be exchanged over a secure network without passing through a headquarters VPN server or router. While a VPN acts as a connector between remote sites and HQ, or between different branches, DMVPN creates a VPN mesh that can be applied selectively to connections the business already uses. Each site (or spoke) can connect securely to the others. This is done using VPN firewall concentrators and routers, with DMVPN configured on the routers at remote sites so that the mesh is applied to whichever connection is being made at the time.


DMVPN Components 

Multipoint GRE (mGRE) tunnel interface: a single GRE interface that can support several IPsec tunnels, reducing the overall size of the DMVPN configuration

IPsec tunnel endpoint discovery: static crypto maps between individual IPsec tunnel endpoints do not have to be configured

Routing protocols: allow the DMVPN to find routes between different endpoints much more effectively

NHRP (Next Hop Resolution Protocol): allows spokes to be deployed with assigned IP addresses, which the central DMVPN hub can then use to reach them.
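
The four components above, mapped onto a minimal hub-and-spoke configuration in Cisco IOS. This is an added example, not part of the original post; the addresses (documentation ranges), interface names, EIGRP AS number, profile names and key placeholders are all assumptions.

```cisco
! Added example: addresses, names and keys are constructed placeholders.
! --- IPsec (hub and every spoke): one profile, no per-peer static crypto maps ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! A wildcard pre-shared key keeps the example short, but every spoke then holds
! the same secret; per-device certificates are the stronger choice in production.
crypto isakmp key REPLACE_WITH_PSK address 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! --- Hub (assumed public address 192.0.2.1, tunnel address 10.0.0.1) ---
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
! NHRP: the hub learns each spoke's public address when the spoke registers
 ip nhrp network-id 1
 ip nhrp authentication REPLACE1
 ip nhrp map multicast dynamic
! Routing protocol: re-advertise routes learned from one spoke to the others
 no ip split-horizon eigrp 100
! mGRE: a single tunnel interface serves every spoke
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
! IPsec: protect whichever GRE tunnels come up on this interface
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 100
 network 10.0.0.0 0.0.0.255
!
! --- Spoke (tunnel address 10.0.0.2, LAN 172.16.2.0/24) ---
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp network-id 1
 ip nhrp authentication REPLACE1
! Only the hub is mapped statically; other spokes are resolved through NHRP
 ip nhrp map 10.0.0.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ip nhrp nhs 10.0.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 100
 network 10.0.0.0 0.0.0.255
 network 172.16.2.0 0.0.0.255
```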

DMVPN Phases

There are three distinct types, or phases, of DMVPN design, all of which can be found in the Cisco DMVPN design guide. To summarize them briefly, however, they are as follows:

What is DMVPN?

Cisco DMVPN is, effectively, a solution that allows different branch locations using the same resources to communicate directly and safely with one another over public WAN or internet connections, rather than having to use an internal network. It does this not through a permanent VPN connection between the various sites, but through a centralized architecture that applies VPN protection and granular access controls on an as-needed basis. When communications are opened or access has to be granted to specific digital resources, it applies the security features of a VPN selectively. DMVPN also brings other modes of communication, such as the VoIP system, under the protection of the VPN.
