PrepAway - Latest Free Exam Questions & Answers

Which of the following is an advantage of FlexVPN over DMVPN?

Which of the following is an advantage of FlexVPN over DMVPN?

A. FlexVPN supports IKEv1.

B. LIexVPN supports NHRP.

C. FlexVPN can be tunneled over a public transport network.

D. FlexVPN supports IKEv2.

E. FlexVPN works with Cisco and non-Cisco devices.

Explanation:
FlexVPN works with Cisco and non-Cisco devices. By contrast, Dynamic Multipoint Virtual Private Network (DMVPN) supports only Cisco devices. FlexVPN is a standards-based VPN technology that simplifies the deployment of site-to-site, remote-access, hub-and-spoke, and spoke-to-spoke topologies.

DMVPN is a Cisco-proprietary VPN technology that leverages the strengths of IP Security (IPSec), multipoint Generic Routing Encapsulation (mGRE), and Next-Hop Resolution Protocol (NHRP) to simplify the implementation of highly scalable, secure networks. In a DMVPN implementation, each spoke router is configured to initiate a connection to a central hub router. The hub router dynamically discovers the spoke’s address during the initial contact and establishes an IPSec tunnel with the spoke router. This IPSec connection forms part of a star topology between the hub router and its corresponding spoke routers. Each spoke router uses NHRP to communicate with the hub router and to learn the public IP address of the other spokes. DMVPN supports dynamic routing protocols and permits spoke routers to have dynamically assigned public addresses.

Like DMVPN, FlexVPN uses NHRP for spoke-to-spoke communication; however, unlike DMVPN, FlexVPN spokes do not have to register with the hub. Therefore, this is not an advantage of FlexVPN over DMVPN. Configuration of NHRP is similar for both DMVPN and FlexVPN.

FlexVPN supports only Internet Key Exchange version 2 (IKEv2); it does not support IKE version 1 (IKEv1). By contrast, DMVPN supports IKEv1 and IKEv2. Therefore, this is not an advantage of FlexVPN over DMVPN.

FlexVPN can be tunneled over a public transport network, such as the Internet. However, DMVPN can also be tunneled over a public transport network. Therefore, this is not an advantage of FlexVPN over DMVPN. By contrast, Group Encrypted Transport (GET) VPN must be tunneled over a private transport network, such as a Multiprotocol Label Switching (MPLS) service provider network.

Reference: https://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/data_sheet_c78-704277.html
https://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html
https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class-teleworker-ect-solution/prod_brochure0900aecd80582078.pdf (PDF)


Leave a Reply