CCNP Security | DMVPN Phase 3 Configuration

Get 30% off with: You can use promo code: OSCAROGANDO2
Follow Me on Twitter:


DMVPN stands for Dynamic Multipoint VPN. It is a technique where we can build a VPN network on hub-spoke topologies dynamically without having the need to configure the devices statically. DMVPN also supports IPsec encryption and hence is a popular technique for building tunnels over internet connectivity thus acting as an alternative to MPLS connectivity solutions. DMVPN is usually deployed in HUB and Spoke topologies. Hub has a single multipoint tunnel interface and all the spoke sites have a single point-point tunnel interface with Hub site.

1) NHRP requests are no longer triggered by invalid CEF entries. This means that routing information could be effectively summarized.
2) Hub is no longer used as the only source of NHRP information. Instead of this, all spokes participate in NHRP information exchange. This model is less “server-based” but rather more “peer-to-peer”.
3) NHRP replies contain whole routing prefixes, instead of just next-hop information.

Another good news is that initial spoke2spoke packet is now switched using CEF, not process switching like it was before. With NHRP Phase 2, the initial packet has to be switches via process path, as the CEF adjacency is not yet valid (in “glean” state) but with NHRP Phase 2 we’re using CEF all the time.

Share the Post:

Related Posts

Help Us By Donating