Solved

DMVPN configuration example

Posted on 2009-07-09
6
2,440 Views
Last Modified: 2012-05-07
Hi
1.I am looking for config sample for spoke -to-spoke directly

2.I am looking for config sample for spoke -to-spoke VIA hub

Thanks in ADVANCE
0
Comment
Question by:alimohammed72
  • 4
6 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 24822617
0
 
LVL 28

Expert Comment

by:asavener
ID: 24822621
0
 
LVL 28

Expert Comment

by:asavener
ID: 24822626
You might also want to investigate the new technology GET VPN.
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:alimohammed72
ID: 24826327
this is good for sopke to spoke via HUB but I am looking for SPOKE-SPOKE directly
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 24826694
The second link shows that:

"Background Theory  

The feature works according to the following rules.  

*Each spoke has a permanent IPSec tunnel to the hub, not to the other spokes within the network. Each spoke registers as clients of the NHRP server.
 
*When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) address of the destination (target) spoke.
 
*After the originating spoke learns the peer address of the target spoke, it can initiate a dynamic IPSec tunnel to the target spoke.
 
*The spoke-to-spoke tunnel is built over the multipoint GRE (mGRE) interface.
 
*The spoke-to-spoke links are established on demand whenever there is traffic between the spokes. Thereafter, packets are able to bypass the hub and use the spoke-to-spoke tunnel. "
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24840540
Here is my working config for spoke to spoke,

HUB using EIGRP)

crypto isakmp policy 1            
 authentication pre-share            
crypto isakmp key dmvpn address 0.0.0.0            
!            
crypto ipsec transform-set trans2 esp-3des esp-sha-hmac            
mode transport            
!            
crypto ipsec profile dmvpnprof            
 set transform-set trans2            

interface Tunnel0                  
 bandwidth 1000                  
 ip address 172.16.1.3 255.255.255.0                  
 ip mtu 1400                  
 ip nhrp authentication donttell                  
 ip nhrp map multicast dynamic                  
 ip nhrp network-id 99                  
 ip nhrp holdtime 300                  
 no ip route-cache                  
 no ip split-horizon eigrp 200                  
 ip tcp adjust-mss 1360                  
 delay 1000                  
 tunnel source <add physical interface here>                  
 tunnel mode gre multipoint                  
 tunnel key 12345                  
 tunnel protection ipsec profile dmvpnprof      

SPOKE X;

crypto isakmp policy 1                              
 authentication pre-share                              
crypto isakmp key dmvpn address 0.0.0.0                              
!                              
crypto ipsec transform-set trans2 esp-3des esp-sha-hmac                              
mode transport                              
!                              
crypto ipsec profile dmvpnprof                              
 set transform-set trans2                              
!                              
interface Tunnel0                              
 bandwidth 1000                              
 ip address 172.16.1.6 255.255.255.0                              
 ip mtu 1400                              
 ip nhrp authentication donttell                              
 ip nhrp map multicast dynamic                              
 ip nhrp map 172.16.1.3 201.1.36.3                              
 ip nhrp map multicast 201.1.36.3                              
 ip nhrp nhs 172.16.1.3                              
 ip nhrp network-id 99                              
 ip nhrp holdtime 300                              
 ip tcp adjust-mss 1360                              
 delay 1000                              
 tunnel source <add physical interface>                              
 tunnel mode gre multipoint                              
 tunnel key 12345                              
 tunnel protection ipsec profile dmvpnprof                              

harbor235 ;}
            
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question