DMVPN versus FlexVPN Tidbit

I want to briefly dissect how DMVPN & FlexVPN are very similar in nature, but hit on some important differences in this tidbit. I will be covering some more in-depth labs relating to the two soon. So to start, FlexVPN is essentially the same as DMVPN in essence, and it is sometimes referred to as DMVPN "Phase 4".

DMVPN operates in three different phases. A high level of these 3 phases consist of:

Phase 1: All traffic flows through the hub.

Phase 2: Allows spoke-to-spoke tunnels.

Phase 3: Improves scalability of Phase 2. NHRP redirect and shortcuts take care of traffic.

Both FlexVPN & DMVPN use the same fundamental technologies which are:

  • IPsec

  • GRE/VTIs

  • NHRP

  • Routing

However, I want to cover some of the differences with FlexVPN. With FlexVPN IKEv2 is used instead of IKEv1, which allows granular configuration such as VRF or QoS. With DMVPN you have to rely on other protocols making it more complex. SVTIs & DVTIs are used which aides in providing additional flexibility (See more here: SVTIs & DVTIs Tidbit). NHRP is used to establish spoke-to-spoke tunnels, but there is no need to register with the hub. With FlexVPN we can rely on IPsec to introduce routing information. Lastly, with FlexVPN we have one standard, and not 3 unique phases.

I also want to cover the NHRP differences between the two:

  • DMVPN = uses NHRP for registration and resolution.

  • FlexVPN = uses NHRP only for resolution.

With FlexVPN we rely on IKEv2 routing which allows us to advertise a /32 route. This advertise route would be the remote tunnel interface address. This IKEv2 feature eliminates NHRP registration needs & allows communication between the hub & spoke/s.

See more about both technologies in other posts. Cheers!


Recent Posts

See All

Troubleshooting FMC Policy Deployment Tidbit

In this tidbit I want to share some tips on how to troubleshoot FMC policy deployment errors. It is important to understand that the policy deployment is broken down into the following phases: Phase

HTTP Methods & Status Codes Tidbit

In this tidbit I want to touch on different types of HTTP Methods & the types of HTTP status codes you may encounter when consuming APIs in regard to automation. HTTP Methods: GET = get user info PATC

FMC & FTD Communication/Registration Tidbit

In this tidbit I want to cover the basics in regard to FTD & FMC registration. I also intend on covering how the two communicate with each other as this can be helpful when having registration issues