DMVPN design issue.

Unanswered Question
Jan 29th, 2008
User Badges:


I designed a global DMVPN architecture, and created two multipoint GRE tunnel interfaces on hub with the same tunnel source interface (a GigaEthernet port connected to Internet), and allow our asia branches vpn tunnels terminated on one tunnel interface of hub, and allow our europe branches vpn tunnels terminated on another tunnel interface of hub.

We're using wildcard preshared keys for (ISAKMP) authentication.

Currently, Europe branches are firstly turnned up successfully, but when we tried to bring up Asia branches, none of them works.

Any idea for this ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
b.schlegel Thu, 01/31/2008 - 08:29
User Badges:

Jerry I had a similar issue, on the hub tunnel interefaces, the routers with two tunnels do you have "shared applied" for example...tunnel protection ipsec profile multi shared

jerrytozhang Thu, 01/31/2008 - 13:53
User Badges:

Thanks for your reply, really appreciated!

But unfortunately we're in different case, in your case, you use profile shared on two tunnels of SPOKE router, but I'm talking about the two tunnels on HUB router shared by spoke routers.

The good news is I alreay fixed my issue.

Just put a secondary IP address on the interface(facing outside) of your DMVPN Hub router, and let Europe spoke routers point to one ip address on Hub router, and let Asia spoke routers point to another ip address on Hub router, and it works right away!!!




This Discussion