Dynamic Multipoint Virtual Private Network
Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network supported on Cisco IOS-based routers, Huawei AR G3 routers, and Unix-like operating systems.
DMVPN provides the capability for creating a dynamic-mesh VPN network without having to statically pre-configure all possible tunnel end-point peers, such as IPsec and ISAKMP peers. DMVPN is initially configured to build a hub-and-spoke network by statically configuring the hubs on the spokes; no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes are dynamically built on demand without additional configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.
Technologies
- Next Hop Resolution Protocol
- An IP-based routing protocol: EIGRP, OSPF, RIPv2, BGP or ODR
- Generic Routing Encapsulation (GRE), or multipoint GRE if spoke-to-spoke tunnels are desired
- IPsec using an IPsec profile, which is associated with a virtual tunnel interface in IOS software. All traffic sent via the tunnel is encrypted per the policy configured.
Routing protocols such as OSPF, EIGRP v1 or v2 or BGP are generally run between the hub and spoke to allow for growth and scalability. Both EIGRP and BGP allow a higher number of supported spokes per hub.
Encryption
As with GRE tunnels, DMVPN allows for several encryption schemes for the encryption of data traversing the tunnels. For security reasons, Cisco recommends that customers use AES.
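An added example (not from the original article or any vendor tooling): a small Python audit of an IOS-style configuration that checks the two points made above, namely that each NHRP-enabled tunnel interface has an IPsec profile attached and that the profile's transform sets use AES. The sample configuration, its names, and the finding labels are constructed for illustration; treating `esp-aes` and `esp-gcm` as the AES transforms is an assumption of this sketch.

```python
# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
crypto ipsec transform-set TS-OLD esp-3des esp-md5-hmac
crypto ipsec profile PROF-AES
 set transform-set TS-AES
crypto ipsec profile PROF-OLD
 set transform-set TS-OLD
interface Tunnel0
 ip nhrp network-id 1
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROF-AES
interface Tunnel1
 ip nhrp network-id 2
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROF-OLD
interface Tunnel2
 ip nhrp network-id 3
 tunnel mode gre multipoint
"""
AES_TRANSFORMS = {"esp-aes", "esp-gcm"}  # ESP transforms counted as AES here

def sections(config):
    """Group an IOS-style config into {top-level line: [indented child lines]}."""
    out, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit_dmvpn(config):
    """Return {tunnel name: finding} for every tunnel interface running NHRP."""
    secs, findings = sections(config), {}
    tsets = {h.split()[3]: set(h.split()[4:]) for h in secs
             if h.startswith("crypto ipsec transform-set ")}
    profiles = {h.split()[3]: [l.split()[2] for l in b if l.startswith("set transform-set ")]
                for h, b in secs.items() if h.startswith("crypto ipsec profile ")}
    for h, b in secs.items():
        if not (h.startswith("interface Tunnel") and any(l.startswith("ip nhrp ") for l in b)):
            continue
        prof = [l.split()[4] for l in b if l.startswith("tunnel protection ipsec profile ")]
        used = profiles.get(prof[0], []) if prof else []
        # "not-aes" also covers a profile that is undefined or names no transform set
        aes = bool(used) and all(tsets.get(t, set()) & AES_TRANSFORMS for t in used)
        findings[h.split()[1]] = "unencrypted" if not prof else "ok" if aes else "not-aes"
    return findings
```

Calling `audit_dmvpn(SAMPLE_CONFIG)` reports Tunnel0 as compliant, Tunnel1 as protected by a non-AES transform set, and Tunnel2 as carrying unencrypted GRE.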
Phases
DMVPN has three phases that route data differently.