From: Tarun Pahuja (pahujat@gmail.com)
Date: Wed Nov 14 2007 - 14:42:37 ART
Tomimma,
Scott gave you the right answer. You could run DMVPN in
tunnel mode ,but, you would have a lot of restrictions on it. With Transport
mode you enable Nat-transparency feature which would allow DMVPN to work
behind a NAT device.The restriction that the private interface IP address of
the spoke must be unique across the DMVPN network has also been removed with
this feature.
Running an IPSec tunnel has an advantage as well, which is less overhead.
Remember in transport mode there is no new IP Header! it only adds a couple
of bits to the original header!
HTH,
Tarun
On Nov 13, 2007 3:25 PM, h-tomikawa <tomimma@gmail.com> wrote:
> Hi all,
>
> First of all, sorry for off-topic.
>
> I would like to know if you configure DMVPN, is it necessary to
> configure IPSec as "transport" mode. In my situation, some spoke sites
> are behind NAT device.
> However, NAT is configure 1:1 statically with FW.
> I see some CCO Doc explain that it must use "transport" but I really
> don't understand why...
>
> Thanks in advance.
>
> Tomimma
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART