59:
by statically configuring the hubs (VPN headends) on the spokes, no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional configuration on the hubs
372:
47:
DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers, including
122:(Internet Protocol Security) using an IPsec profile, which is associated with a virtual tunnel interface in IOS software. All traffic sent via the tunnel is
143:
83:
365:
211:
56:
236:
840:
432:
397:
170:
schemes (including none) for the encryption of data traversing the tunnels. For security reasons Cisco recommend that customers use
437:
358:
319:
308:
60:
or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.
835:
163:
105:
330:
171:
69:
417:
422:
55:(Internet Security Association and Key Management Protocol) peers. DMVPN is initially configured to build out a
830:
593:
453:
447:
87:
686:
598:
381:
147:
95:
24:
603:
389:
660:
567:
613:
608:
559:
192:
Phase 3: Starts with Phase 1 and improves scalability of and has fewer restrictions than Phase 2.
32:
20:
670:
618:
572:
271:
99:
623:
261:
189:
Phase 2: Start with Phase 1 then allows spoke-to-spoke tunnels based on demand and triggers.
135:
109:
73:
577:
534:
442:
266:
249:
150:
are generally run between the hub and spoke to allow for growth and scalability. Both
824:
519:
289:
628:
407:
402:
779:
638:
549:
494:
113:
77:
212:"Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)"
809:
794:
789:
769:
743:
707:
681:
524:
514:
167:
350:
275:
756:
733:
728:
655:
544:
484:
479:
123:
28:
804:
751:
529:
504:
499:
457:
799:
784:
723:
509:
474:
699:
427:
52:
647:
412:
151:
119:
91:
48:
774:
539:
345:
139:
36:
354:
489:
186:
Phase 1: All traffic flows from spokes to and through the hub.
309:
DMVPN Design Guide: Using a
Routing Protocol Across the VPN
290:"Datacenter Proxies Explained: What It Is and How It Works"
154:
and BGP allow a higher number of supported spokes per hub.
250:"Building Dynamic Mesh VPN Network using MikroTik Router"
116:, or multipoint GRE if spoke-to-spoke tunnels are desired
331:
DMVPN Design Guide: Best
Practices and Known Limitations
248:
Kurniadi, S. H.; Utami, E.; Wibowo, F. W. (Dec 2018).
182:
DMVPN has three phases that route data differently.
742:
716:
698:
669:
646:
637:
586:
558:
467:
388:
320:DMVPN Design Guide: Routing Protocol Configuration
17:Dynamic Multipoint Virtual Private Network (DMVPN)
126:per the policy configured (IPsec transform set)
366:
8:
643:
373:
359:
351:
265:
202:
254:Journal of Physics: Conference Series
7:
35:, and Huawei AR G3 routers, and on
166:tunnels, DMVPN allows for several
14:
51:(Internet Protocol Security) and
267:10.1088/1742-6596/1140/1/012039
82:An IP-based routing protocol,
1:
106:Generic Routing Encapsulation
70:Next Hop Resolution Protocol
102:(DMVPN hub-and-spoke only).
857:
382:Virtual private networking
237:Huawei DSVPN Configuration
39:-like operating systems.
841:Virtual private networks
594:Content-control software
687:Private Internet Access
599:Deep content inspection
468:Connection applications
390:Communication protocols
25:virtual private network
604:Deep packet inspection
57:hub-and-spoke network
836:Network architecture
568:Avast SecureLine VPN
614:Network enumeration
609:IP address blocking
560:Enterprise software
27:(VPN) supported on
818:
817:
765:
764:
671:Kape Technologies
619:Stateful firewall
573:Check Point VPN-1
210:Cisco engineers.
136:Routing protocols
848:
644:
624:TCP reset attack
375:
368:
361:
352:
333:
328:
322:
317:
311:
306:
300:
299:
297:
296:
286:
280:
279:
269:
245:
239:
234:
228:
227:
225:
223:
207:
131:Internal routing
856:
855:
851:
850:
849:
847:
846:
845:
831:Cisco protocols
821:
820:
819:
814:
761:
738:
712:
694:
665:
633:
582:
578:LogMeIn Hamachi
554:
463:
443:Split tunneling
384:
379:
342:
337:
336:
329:
325:
318:
314:
307:
303:
294:
292:
288:
287:
283:
247:
246:
242:
235:
231:
221:
219:
209:
208:
204:
199:
66:
45:
12:
11:
5:
854:
852:
844:
843:
838:
833:
823:
822:
816:
815:
813:
812:
807:
802:
797:
792:
787:
782:
777:
772:
766:
763:
762:
760:
759:
754:
748:
746:
740:
739:
737:
736:
731:
726:
720:
718:
714:
713:
711:
710:
704:
702:
696:
695:
693:
692:
689:
684:
679:
675:
673:
667:
666:
664:
663:
658:
652:
650:
641:
635:
634:
632:
631:
626:
621:
616:
611:
606:
601:
596:
590:
588:
584:
583:
581:
580:
575:
570:
564:
562:
556:
555:
553:
552:
547:
542:
537:
532:
527:
522:
517:
512:
507:
502:
497:
492:
487:
482:
477:
471:
469:
465:
464:
462:
461:
450:
445:
440:
435:
430:
425:
420:
415:
410:
405:
400:
394:
392:
386:
385:
380:
378:
377:
370:
363:
355:
349:
348:
341:
340:External links
338:
335:
334:
323:
312:
301:
281:
240:
229:
201:
200:
198:
195:
194:
193:
190:
187:
180:
179:
160:
159:
144:EIGRP v1 or v2
133:
132:
128:
127:
117:
103:
80:
65:
62:
44:
41:
13:
10:
9:
6:
4:
3:
2:
853:
842:
839:
837:
834:
832:
829:
828:
826:
811:
808:
806:
803:
801:
798:
796:
793:
791:
788:
786:
783:
781:
778:
776:
773:
771:
768:
767:
758:
755:
753:
750:
749:
747:
745:
741:
735:
732:
730:
727:
725:
722:
721:
719:
715:
709:
706:
705:
703:
701:
697:
690:
688:
685:
683:
680:
677:
676:
674:
672:
668:
662:
659:
657:
654:
653:
651:
649:
645:
642:
640:
636:
630:
627:
625:
622:
620:
617:
615:
612:
610:
607:
605:
602:
600:
597:
595:
592:
591:
589:
585:
579:
576:
574:
571:
569:
566:
565:
563:
561:
557:
551:
548:
546:
543:
541:
538:
536:
533:
531:
528:
526:
523:
521:
520:SoftEther VPN
518:
516:
513:
511:
508:
506:
503:
501:
498:
496:
493:
491:
488:
486:
483:
481:
478:
476:
473:
472:
470:
466:
459:
455:
454:Opportunistic
451:
449:
446:
444:
441:
439:
436:
434:
431:
429:
426:
424:
421:
419:
416:
414:
411:
409:
406:
404:
401:
399:
396:
395:
393:
391:
387:
383:
376:
371:
369:
364:
362:
357:
356:
353:
347:
344:
343:
339:
332:
327:
324:
321:
316:
313:
310:
305:
302:
291:
285:
282:
277:
273:
268:
263:
259:
255:
251:
244:
241:
238:
233:
230:
217:
213:
206:
203:
196:
191:
188:
185:
184:
183:
177:
176:
175:
173:
169:
165:
157:
156:
155:
153:
149:
145:
141:
137:
130:
129:
125:
121:
118:
115:
111:
107:
104:
101:
97:
93:
89:
85:
81:
79:
75:
71:
68:
67:
63:
61:
58:
54:
50:
42:
40:
38:
34:
30:
26:
22:
19:is a dynamic
18:
639:VPN Services
629:VPN blocking
587:Risk vectors
403:DirectAccess
326:
315:
304:
293:. Retrieved
284:
257:
253:
243:
232:
222:24 September
220:. Retrieved
215:
205:
181:
161:
134:
64:Technologies
46:
16:
15:
780:Mozilla VPN
550:Shadowsocks
495:OpenConnect
346:Cisco DMVPN
825:Categories
810:Windscribe
795:Proton VPN
790:PrivadoVPN
744:Ziff Davis
708:TunnelBear
682:ExpressVPN
678:CyberGhost
661:SecureLine
525:strongSwan
515:Social VPN
295:2024-09-18
260:: 012039.
197:References
168:encryption
158:Encryption
23:form of a
757:StrongVPN
734:Surfshark
729:NordLayer
545:WireGuard
485:Libreswan
480:FreeS/WAN
276:1742-6596
124:encrypted
29:Cisco IOS
21:tunneling
805:SaferVPN
752:IPVanish
530:tcpcrypt
505:Openswan
500:OpenIKED
458:tcpcrypt
162:As with
138:such as
800:PureVPN
785:Mullvad
724:NordVPN
717:Tesonet
691:Zenmate
510:OpenVPN
475:FreeLAN
448:SSL/TLS
218:. Cisco
108:(GRE),
43:Process
33:routers
31:-based
700:McAfee
428:L2TPv3
274:
178:Phases
112:
76:
53:ISAKMP
648:Avast
413:IPsec
216:Cisco
152:EIGRP
120:IPsec
92:RIPv2
84:EIGRP
49:IPsec
775:IVPN
770:Hola
540:VTun
535:tinc
438:SSTP
433:PPTP
423:L2TP
408:EVPN
398:DTLS
272:ISSN
258:1140
224:2017
140:OSPF
114:1701
88:OSPF
78:2332
37:Unix
656:HMA
490:n2n
418:L2F
262:doi
172:AES
164:GRE
148:BGP
146:or
110:RFC
100:ODR
98:or
96:BGP
74:RFC
827::
456::
270:.
256:.
252:.
214:.
174:.
142:,
94:,
90:,
86:,
72:,
460:)
452:(
374:e
367:t
360:v
298:.
278:.
264::
226:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.