DMVPN and IPSEC: Spot the difference
Today we will talk about two different tunnelling techniques used over the internet: IPSEC (IP Security) and DMVPN (Dynamic Multipoint Virtual Private Network). There are a lot of misconceptions about DMVPN and IPSEC, although both work on the same concept.
So what is the difference? Before we get to it, let's look at each one in turn, starting with IPSEC.
IPSEC - IP Security
IPSec is a framework of open standards that provides data confidentiality, integrity and authentication between participating peers at the IP layer. IPSec can be used to protect one or more data flows between IPSec peers (the IPSec peers are the source and the destination between which the IPSec tunnel is built). IPSec consists of the following two main protocols:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
Fig 1.1 - IPSEC tunneling
The one-way hash also involves the use of a secret shared between the two systems, which means that authenticity can be guaranteed.
AH is applied to the entire datagram except for any mutable IP header fields that change in transit, for example the Time to Live (TTL) field, which is modified by the routers along the transmission path.
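The keyed hash and the mutable-field exclusion described above can be seen in a short sketch. This is an added example, not code from the original article: it is simplified (it hashes only a 20-byte IPv4 header plus payload and omits the AH header itself), and the key, addresses, function names and the HMAC-SHA-256 truncated to 16 bytes are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

def build_ipv4_header(src, dst, ttl, payload_len, tos=0, flags_frag=0x4000):
    """Pack a 20-byte IPv4 header without options (checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,          # version 4, IHL 5 words
        tos,                   # DSCP/ECN (mutable)
        20 + payload_len,      # total length
        0x1234,                # identification (constructed value)
        flags_frag,            # flags + fragment offset (mutable)
        ttl,                   # TTL (mutable, decremented per hop)
        51,                    # protocol 51 = AH
        0,                     # header checksum (mutable)
        socket.inet_aton(src),
        socket.inet_aton(dst),
    )

def zero_mutable_fields(header):
    """Zero the IPv4 fields that legitimately change in transit."""
    h = bytearray(header)
    h[1] = 0                   # DSCP/ECN
    h[6:8] = b"\x00\x00"       # flags + fragment offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return bytes(h)

def ah_icv(key, header, payload):
    """Keyed one-way hash over the immutable header fields and payload."""
    data = zero_mutable_fields(header) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def verify(key, header, payload, icv):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(ah_icv(key, header, payload), icv)

if __name__ == "__main__":
    key = b"constructed-shared-secret-32byte"   # sample key, not a real one
    payload = b"branch-to-branch data"
    sent = build_ipv4_header("192.0.2.1", "198.51.100.7", 64, len(payload))
    icv = ah_icv(key, sent, payload)
    # Three routers later the TTL is 61: the ICV still verifies.
    routed = build_ipv4_header("192.0.2.1", "198.51.100.7", 61, len(payload))
    print("TTL changed in transit:", verify(key, routed, payload, icv))
    # A rewritten source address is an immutable field: verification fails.
    spoofed = build_ipv4_header("192.0.2.99", "198.51.100.7", 61, len(payload))
    print("source address changed:", verify(key, spoofed, payload, icv))
```

Because the source address is covered by the hash, AH verification also fails when a NAT device rewrites it, which is worth remembering when choosing between AH and ESP.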
Encapsulating Security Payload (ESP) is a security protocol used to provide confidentiality (encryption), data origin authentication, integrity, an optional anti-replay service, and limited traffic flow confidentiality by defeating traffic flow analysis.
I will not discuss the full operation of IPSEC here; now let's move on to the DMVPN concept.
DMVPN - Dynamic Multipoint Virtual Private Network
DMVPN allows small locations, or branch offices, to communicate directly with each other over the public WAN or Internet, such as when using voice over IP (VoIP) between two branch offices, without requiring a permanent VPN connection between sites. It supports the deployment of IPsec VPNs and improves network performance by reducing latency and jitter, while optimizing head office bandwidth utilisation.
Fig 1.2 - DMVPN
Cisco DMVPN uses a centralised architecture to provide easier implementation and management for deployments that require granular access controls for diverse user communities, including mobile workers, telecommuters, and extranet users.
- DMVPN lowers capital and operational expenses, with the help of the DMVPN you can acuity
- DMVPN simplifies branch communications: it enables direct branch-to-branch connectivity for business applications like voice
- DMVPN reduces deployment complexity: it offers a simple configuration, dramatically reducing the deployment complexity in VPNs
- DMVPN improves business resiliency: it prevents disruption of business-critical applications and services by incorporating routing with standards-based IPsec technology
Let's talk about the difference now:
- Both IPSEC and DMVPN use a public network such as the internet, but the main difference is that IPSEC is always point-to-point while DMVPN is point-to-multipoint.
- IPSEC tunneling is always spoke to spoke, while DMVPN is always hub to spoke, or you can have hub-to-spokes multi-tunneling.
- IPSEC is a standard protocol for all, while DMVPN is a Cisco proprietary protocol.
In the next article we will cover the difference between DMVPN, EasyVPN and GETVPN in detail.