Solved

DMVPN configuration example

Posted on 2009-07-09
6
2,432 Views
Last Modified: 2012-05-07
Hi
1.I am looking for config sample for spoke -to-spoke directly

2.I am looking for config sample for spoke -to-spoke VIA hub

Thanks in ADVANCE
0
Comment
Question by:alimohammed72
  • 4
6 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 24822617
0
 
LVL 28

Expert Comment

by:asavener
ID: 24822621
0
 
LVL 28

Expert Comment

by:asavener
ID: 24822626
You might also want to investigate the new technology GET VPN.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:alimohammed72
ID: 24826327
this is good for sopke to spoke via HUB but I am looking for SPOKE-SPOKE directly
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 24826694
The second link shows that:

"Background Theory  

The feature works according to the following rules.  

*Each spoke has a permanent IPSec tunnel to the hub, not to the other spokes within the network. Each spoke registers as clients of the NHRP server.
 
*When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) address of the destination (target) spoke.
 
*After the originating spoke learns the peer address of the target spoke, it can initiate a dynamic IPSec tunnel to the target spoke.
 
*The spoke-to-spoke tunnel is built over the multipoint GRE (mGRE) interface.
 
*The spoke-to-spoke links are established on demand whenever there is traffic between the spokes. Thereafter, packets are able to bypass the hub and use the spoke-to-spoke tunnel. "
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24840540
Here is my working config for spoke to spoke,

HUB using EIGRP)

crypto isakmp policy 1            
 authentication pre-share            
crypto isakmp key dmvpn address 0.0.0.0            
!            
crypto ipsec transform-set trans2 esp-3des esp-sha-hmac            
mode transport            
!            
crypto ipsec profile dmvpnprof            
 set transform-set trans2            

interface Tunnel0                  
 bandwidth 1000                  
 ip address 172.16.1.3 255.255.255.0                  
 ip mtu 1400                  
 ip nhrp authentication donttell                  
 ip nhrp map multicast dynamic                  
 ip nhrp network-id 99                  
 ip nhrp holdtime 300                  
 no ip route-cache                  
 no ip split-horizon eigrp 200                  
 ip tcp adjust-mss 1360                  
 delay 1000                  
 tunnel source <add physical interface here>                  
 tunnel mode gre multipoint                  
 tunnel key 12345                  
 tunnel protection ipsec profile dmvpnprof      

SPOKE X;

crypto isakmp policy 1                              
 authentication pre-share                              
crypto isakmp key dmvpn address 0.0.0.0                              
!                              
crypto ipsec transform-set trans2 esp-3des esp-sha-hmac                              
mode transport                              
!                              
crypto ipsec profile dmvpnprof                              
 set transform-set trans2                              
!                              
interface Tunnel0                              
 bandwidth 1000                              
 ip address 172.16.1.6 255.255.255.0                              
 ip mtu 1400                              
 ip nhrp authentication donttell                              
 ip nhrp map multicast dynamic                              
 ip nhrp map 172.16.1.3 201.1.36.3                              
 ip nhrp map multicast 201.1.36.3                              
 ip nhrp nhs 172.16.1.3                              
 ip nhrp network-id 99                              
 ip nhrp holdtime 300                              
 ip tcp adjust-mss 1360                              
 delay 1000                              
 tunnel source <add physical interface>                              
 tunnel mode gre multipoint                              
 tunnel key 12345                              
 tunnel protection ipsec profile dmvpnprof                              

harbor235 ;}
            
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Setup router as access point - no internet 5 33
Eigrp Router 5 49
IPv6 Address reservation on Cisco router 3 30
HSRP needed? 4 31
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now