Skip to main content
Try Wikispaces Classroom now.
Brand new from Wikispaces.
Pages and Files
Prescription Status Track
Project HIE STANDARD
Dynamic Multipoint VPN (DMVPN)
Dynamic Multipoint Virtual Private Network
A virtual private network, or VPN, uses a 'pipe' system, most commonly the internet to establish a private network connection between two end-points. This connection uses generic router encapsulation (GRE) to communicate and transfer packets of data. This transfer of data alone is not secure, and businesses therefore use IPsec (IP security) to secure their data. However, large businesses commonly have more than one branch, and a communication issue between these branches has led to the creation of the Dynamic Multipoint VPN (DMVPN). Originally, separate branches would have to run all communication and data through a businesses's main location or headquarters to get the data to a second branch. A DMVPN removes that problem by creating a universal GRE tunnel to which all branches have access. The branches can hence use a common GRE tunnel (multiple GRE, or mGRE) to communicate directly with another branch while using IPsec to protect traffic. mGRE's allow a single GRE interface to support multiple IPSec tunnels (Firewall.cx, 2012). The Next Hop Resolution Protocol (NHRP) allows branches non-broadcast multi-access (NBMA) for businesses that want to privately transfer data over the internet. (Chen, 2011). The NHRP is used to resolve dynamic address issue of multiple nodes.
DMVPN configuration consists of building a hub-and-spoke network that statically configures hubs on the spokes (Pote, 2014).
DMVPN's are used to privately and securely transfer data across the internet within one organization. For example, if a healthcare organization transfers a patient to another hospital that provides the appropriate care needed for the patient, protected health information (PHI) will need to be digitally transferred to the new hospital. In order to transfer the patient's information securely and in a timely manner, a DMVPN is used to transmit the data from one hospital to the next. Implementing a DMVPN both decreases administrative costs and simplifies configuration (Firewall.cx, 2012).
DMVPN's are provided by CIsco, which is widely used throughout health organizations
Youtube: DMVPN implentation
In-depth technological description
VPN (Virtual Private Network)
GRE (Generic router encapsulation) (build a logical pipe across the internet)
IPSec (Internet Protocol Security)
NHRP (Next Hop Resolution Protocol)
Firewall.cx. Understanding cisco dynamic multipoint VPN - DMVPN, MGRE, NHRP. (2012, September 1). Retrieved October 29, 2015, from
Firewall CX Definition
Cisco IOS DMVPN overview. (2008, February 1). Retrieved October 29, 2015, from
Pote, P. (2014, September 18). Patent WO2014139646A1 - Communication in a dynamic multipoint virtual private network.
Chen, H. (2011). Design and implementation of secure enterprise network based on DMVPN,
Business Management and Electronic Information
, vol.1, 506-511, 13-15,
help on how to format text
Turn off "Getting Started"