DMVPN & GETVPN for Enterprise WAN

Course Level: Intermediate.
Duration: 3 Days

Course Outline

"DMVPN & GETVPN for Enterprise WAN" guides the students through DMVPN and GETVPN technologies and in deep. Taking this course, students will be able to understand WAN Enterprise connection methods, applications, configuration, and troubleshooting. Course will help in designing redundant Enterprise class WAN solution using overlays.

- Course organization
- Theory and Hands on labs approach
- 14 main LAB topics and 3 Troubleshooting scenarios



DMVPN Overview

- Dynamic Multipoint VPN Applications
- Dynamic Multipoint VPN Architecture - 3 pillars and phases
- Pillar 1: Next Hop Resolution Protocol
- Pillar 2: Multipoint GRE (mGRE)
- Pillar 3: IPSec tunnels
- DMVPN Phase 1: configuration specifics, Hub & Spoke behavior
- DMVPN Phase 2: configuration specifics, Hub & Spoke and Spoke to Spoke behavior
- DMVPN Phase 3: configuration specifics, shortcuts and redirects
- Overlay Routing: OSPF vs EIGRP in DMVPN - design challenges
- Configuration explained



Lab Topology overview

- Physical and logical topology description



Basic topology setup - Day 1 Labs

- LAB1: Sites addressing, interfaces setup
- LAB2: DMVPN Hubs and spokes basic configuration
o Tunnels
o NHRP
o IPSec (PSK vs. X.509 authentication)
- LAB3: Prefix exchange and connectivity
- LAB4: Overlay routing configuration (OSPF)



DMVPN – High availability and policy tuning

- Working with dual hub scenario
- LAB5: Ensuring HA architecture
- Switching between DMVPN Phases
- LAB6: Reconfiguring DMVPN deployment for different phases
- Underlying and overlay routing dependencies and tuning
- LAB7: Building anti-loop topology. DMVPN stability.
- Quality of Service (QoS) in DMVPN
- LAB8: Implementing QoS for DMVPN traffic



Troubleshooting in DMVPN - approach

- Testing and troubleshooting exercises
- Q&A and session summary



GETVPN Overview

- Group Encrypted Transport VPN Application and architecture
- Transport mode vs Header preservation and GDOI protocol
- GETVPN Key Server (KS) role, authentication methods, key management, policies
- GETVPN Group Member (GM) role, key management, policies
- High Availability architecture in GETVPN, Cooperative Key Server (COOP)
- Configuration Explained



GETVPN topology setup - Day 2 and 3 Labs

- GETVPN topology overview
- LAB9: Sites addressing, interfaces setup
- LAB10: GETVPN KS and GM provisioning
- LAB11: Underlying network and GETVPN routing
- LAB12: Quality of Service



9) DMVPN and GETVPN coexistence in Enterprise WAN

- Topology overview
- DMVPN and GETVPN challenge definition
- LAB13: Building HA scenario
- LAB14: WAN structure tuning and troubleshooting scenarios



Q&A and course summary

- Q&A session
- Course summary



Register now

If you want to join the ASA training, please fill the online form below.

Grandmetric Ltd.

Mobile Networks, IP Networks, 5G, LTE Advanced, Research