How could GET be easier than DMVPN? :) They both have pros and cons, so you have to look at the current design and decide which will fit better. First, one has to look at the hardware/software pieces to see whether they can do GET-VPN. Also, with ~50 nodes, you probably want a redundant key server solution. That's 2 extra devices. Then you need to decide where to put the key servers. Also, one needs to look at the integration between features. If you have Zone Based Firewall, then GET is a pain to look at. With DMVPN, you just need to throw the tunnel interface into a zone. If the customer already used GRE/IPSEC, then in my opinion, it's easier to migrate into DMVPN than GET-VPN.

Regards,

Luan Nguyen
Chesapeake NetCraftsmen, LLC.
[Web] http://www.netcraftsmen.net
[Blog] http://cnc-networksecurity.blogspot.com/

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Derick Winkworth
Sent: Thursday, February 26, 2009 8:01 PM
To: Mike Louis
Cc: [email protected]
Subject: Re: [c-nsp] GET-VPN and BGP

We have deployed several networks now with GET, and now that we are used to it.. there is no looking back at DMVPN. When it comes to troubleshooting on the CE device, I feel GET is much easier. There is no overlay network with GET.

Mike Louis wrote:
> Dear list,
>
> I am working with a customer who is migrating from a static MPLS VPN to a BGP-based MPLS VPN. Today they currently have a hub and spoke IPSEC VPN running over top of their MPLS WAN. Once they migrate to BGP they would like to have a solution that will support the any-to-any connectivity the MPLS WAN offers and be able to scale well to many sites >50. What are my options here? Configuring point to point static IPSEC tunnels is not practical.
>
> I see DMVPN and GET-VPN as practical options. Any thoughts or opinions on why they should consider one or the other?
>
> Any feedback is greatly appreciated.
>
> Mike

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
