Solved

DMVPN configuration example

Posted on 2009-07-09
6
2,451 Views
Last Modified: 2012-05-07
Hi
1.I am looking for config sample for spoke -to-spoke directly

2.I am looking for config sample for spoke -to-spoke VIA hub

Thanks in ADVANCE
0
Comment
Question by:alimohammed72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 24822617
0
 
LVL 28

Expert Comment

by:asavener
ID: 24822621
0
 
LVL 28

Expert Comment

by:asavener
ID: 24822626
You might also want to investigate the new technology GET VPN.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:alimohammed72
ID: 24826327
this is good for sopke to spoke via HUB but I am looking for SPOKE-SPOKE directly
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 24826694
The second link shows that:

"Background Theory  

The feature works according to the following rules.  

*Each spoke has a permanent IPSec tunnel to the hub, not to the other spokes within the network. Each spoke registers as clients of the NHRP server.
 
*When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) address of the destination (target) spoke.
 
*After the originating spoke learns the peer address of the target spoke, it can initiate a dynamic IPSec tunnel to the target spoke.
 
*The spoke-to-spoke tunnel is built over the multipoint GRE (mGRE) interface.
 
*The spoke-to-spoke links are established on demand whenever there is traffic between the spokes. Thereafter, packets are able to bypass the hub and use the spoke-to-spoke tunnel. "
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24840540
Here is my working config for spoke to spoke,

HUB using EIGRP)

crypto isakmp policy 1            
 authentication pre-share            
crypto isakmp key dmvpn address 0.0.0.0            
!            
crypto ipsec transform-set trans2 esp-3des esp-sha-hmac            
mode transport            
!            
crypto ipsec profile dmvpnprof            
 set transform-set trans2            

interface Tunnel0                  
 bandwidth 1000                  
 ip address 172.16.1.3 255.255.255.0                  
 ip mtu 1400                  
 ip nhrp authentication donttell                  
 ip nhrp map multicast dynamic                  
 ip nhrp network-id 99                  
 ip nhrp holdtime 300                  
 no ip route-cache                  
 no ip split-horizon eigrp 200                  
 ip tcp adjust-mss 1360                  
 delay 1000                  
 tunnel source <add physical interface here>                  
 tunnel mode gre multipoint                  
 tunnel key 12345                  
 tunnel protection ipsec profile dmvpnprof      

SPOKE X;

crypto isakmp policy 1                              
 authentication pre-share                              
crypto isakmp key dmvpn address 0.0.0.0                              
!                              
crypto ipsec transform-set trans2 esp-3des esp-sha-hmac                              
mode transport                              
!                              
crypto ipsec profile dmvpnprof                              
 set transform-set trans2                              
!                              
interface Tunnel0                              
 bandwidth 1000                              
 ip address 172.16.1.6 255.255.255.0                              
 ip mtu 1400                              
 ip nhrp authentication donttell                              
 ip nhrp map multicast dynamic                              
 ip nhrp map 172.16.1.3 201.1.36.3                              
 ip nhrp map multicast 201.1.36.3                              
 ip nhrp nhs 172.16.1.3                              
 ip nhrp network-id 99                              
 ip nhrp holdtime 300                              
 ip tcp adjust-mss 1360                              
 delay 1000                              
 tunnel source <add physical interface>                              
 tunnel mode gre multipoint                              
 tunnel key 12345                              
 tunnel protection ipsec profile dmvpnprof                              

harbor235 ;}
            
0

Featured Post

Prevent Ransomware with Total Security Suite

With recent ransomware attacks topping the headlines, it might seem like there'e no hope in the battle against these advanced threats. Learn more about how WatchGuard's Total Security Suite can effectively prevent ransomware attacks including Petya 2.0 and WannaCry!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question