DMVPN with 2 Hubs

Answered Question
Mar 26th, 2007
User Badges:

1)If i understand right - Phase 1 DMVPN is hub-to-spoke technology. Is it possible to use two hubs in the network?


2) Is it possible to use 1841 router as hub in DMVPN Phase 1?


3) Imagine such network topology:


*PIX*-(static vpn tunnel)->1841 router (hub)-(dynamic vpn tunnel)-> Spokes .


Am i going to have problems with routing into VPN between PIX and spokes through 1841?


See Scheme in the attachment.


Thnx in advance!






Correct Answer by Kamal Malhotra about 10 years 1 month ago

Hi,


It should be possible. The tunnel between the PIX and Hub 2 is going to be a regular IPSEC tunnel with PIX configured with all the spoke networks as destination in the crypto ACL and vice versa on the hub. Hub 2 will have a static route for the PIX's private subnet and tis route will be redestributed in the routing process so that it is advertised to the spokes. Please keep in mind that the tunnel protection profile that you configure should have the 'shared' keyword configured.


HTH,


Please rate if it helps.


Regards,


Kamal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
Kamal Malhotra Mon, 03/26/2007 - 06:42
User Badges:
  • Cisco Employee,

Hi,


It should be possible. The tunnel between the PIX and Hub 2 is going to be a regular IPSEC tunnel with PIX configured with all the spoke networks as destination in the crypto ACL and vice versa on the hub. Hub 2 will have a static route for the PIX's private subnet and tis route will be redestributed in the routing process so that it is advertised to the spokes. Please keep in mind that the tunnel protection profile that you configure should have the 'shared' keyword configured.


HTH,


Please rate if it helps.


Regards,


Kamal

Kamal Malhotra Mon, 03/26/2007 - 06:48
User Badges:
  • Cisco Employee,

Hi


Just to add, 1841 can be used as the hub depending on the number of the spokes. Please go through the attached data sheet of the hardware :


Integrated Hardware-Based Encryption : On motherboard

Encryption Support in Hardware : DES, 3DES, AES 128, AES 192, AES 256

IPSec Tunnels Supported : 50

IPSec VPN Performance : 40 Mbps 3DES @ 1400 byte packets

http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8028a95f.html


HTH,


Please rate if it helps,


Regards,


Kamal

Actions

This Discussion