Having problems securing DMVPN
I have a 6513 with SPA module as the hub, and the spokes are 2821s.
Using DMVPN as is, everything works fine. Adding an access list to the inside port only allowing
permit esp public-IP 0.0.0.255 any
permit udp public-IP eq isakmp host public-IP eq isakmp
breaks GRE and therefore DMVPN. TAC tells me it has to do with a double access-list lookup.
Can someone please show me a sample config where, at the hub or the spoke, all that is allowed to go in are IPSec packets and nothing else? Right now, if I allow GRE in my access list, DMVPN works again, but all other traffic can get in as long as it's wrapped in GRE.
Thanks in advance