During the Choose the Optimal VPN Service webinar (register here) I got this interesting question: “What are the (customer network) licensing requirements for various VPN solutions?” (the webinar covers MPLS/VPN, VPLS, pseudowires, GRE, GRE-over-IPSec, IPSec VTI, GETVPN, DMVPN and hybrid designs).
All MPLS-based solutions require no special license on the customer side; they are implemented by the Service Provider, the customer requires basic IP routing functionality. Furthermore, BGP is now included in the IP Base image that you get with every ISR router and it’s part of the base 6500/7600 image for quite a while.
GRE and DMVPN (w/o IPSEC) are (according to Feature Navigator) available in IP Base image. I’m positive the GRE part is true; I would check the DMVPN functionality on an actual box before placing the order (or order Advanced IP Services image). For IPSec you need Advanced IP Services or Advanced Security image.
According to an ISR G2 licensing document, you need SECK9 license for both DMVPN and IPSec.