Dynamic Multipoint virtual private network (DMVPN) enables an administrator to easily configure scalable IP Security (IPSec) virtual private networks (VPNs) using a hub-and-spoke design. The hub router or routers are typically assigned a static IP address? the spoke routers can be dynamically addressed.
DMVPN requires Generic Routing Encapsulation (GRE), Next Hop Resolution Protocol(NHRP), and a dynamic routing protocol. NHRP is used to create a database of tunnel address to real address mappings. Although several routing protocols can be used to create a DMVPN, Cisco recommends that Enhanced Interior Gateway Routing Protocol (EIGRP) be used to enhance scalability.
A multipoint GRE (mGRE) tunnel is used to carry multiple IPSec or GRE tunnels. Although you can use either tunnel mode or transport mode, Cisco recommends that transport mode be used. In addition, strong encryption should be used, such as Triple Data Encryption Standard (3DES) or Advanced Encryption Standard (AES). Data Encryption Standard (DES) is not as strong as 3DES or AES.
You should enable Dead Peer Detection (DPD) to provide failure detection. By default, DPD messages are sent only if there is a 10second lull in traffic from a tunnel peer and only if there is outbound traffic destined for that tunnel peer. For example, if 10 seconds pass and RouterA has not received traffic from RouterB, RouterA prepares a DPD message for transmission. However, the DPD message is not sent to RouterB until RouterA has traffic to send to RouterB.