Cisco® Dynamic Multipoint VPN (DMVPN) is a Cisco IOS® Software-based security solution for building scalable enterprise VPNs that support distributed applications such as voice and video (Figure 1).

Cisco DMVPN is widely used to combine enterprise branch, teleworker, and extranet connectivity. Major benefits include:

• On-demand full mesh connectivity with simple hub-and-spoke configuration
• Automatic IP Security (IPsec) triggering for building an IPsec tunnel
• “Zero-touch” deployment for adding remote sites
• Reduced latency and bandwidth savings

Cisco DMVPN can be deployed with Cisco IOS Firewall and Cisco IOS IPS, as well as quality of service (QoS), IP Multicast, split tunneling, and routing-based failover mechanisms. Large-scale, highly available Cisco DMVPN deployments are made possible by load-balancing multiple Cisco DMVPN hubs.

Applications

Cisco DMVPN is the preferred solution for organizations requiring encrypted WAN connectivity between remote sites. Factors include the cost-driven use of the Internet to replace or provide backup for private leased lines and Frame Relay links and regulatory pressures requiring encryption of personal WAN links.

• Medium-sized and large enterprises: In industries such as finance, insurance, or retail, numerous sites are typically connected to the corporate headquarters. Critical applications such as bank ATMs and point of sale (POS) machines are deployed over these connections. Cisco DMVPN allows these sites to connect over the Internet, providing privacy and data integrity while meeting the performance requirements of business-critical applications.
• Enterprise small office/home office (SOHO): Cisco DMVPN provides enhanced QoS integration that can support voice and data for employees accessing the network from a SOHO environment.
• Enterprise extranet: Large enterprises frequently require connectivity to many business partners. Cisco DMVPN can secure traffic between the enterprise and various partner sites, providing network segregation by helping to ensure that no spoke-to-spoke traffic is allowed, even through the hub.
• Enterprise WAN connectivity backup: Cisco DMVPN can be a backup solution for private WANs, allowing remote sites to connect securely to the enterprise head office over Internet links.
• Service provider VPN services: Cisco DMVPN enables providers to offer managed VPN services. Traffic from multiple customers can be aggregated in a single provider edge router and kept isolated using features such as Virtual Routing and Forwarding (VRF).