cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
319
Views
0
Helpful
2
Replies

DMVPN design issue.

jerrytozhang
Level 1
Level 1

Hi,All:

I designed a global DMVPN architecture, and created two multipoint GRE tunnel interfaces on hub with the same tunnel source interface (a GigaEthernet port connected to Internet), and allow our asia branches vpn tunnels terminated on one tunnel interface of hub, and allow our europe branches vpn tunnels terminated on another tunnel interface of hub.

We're using wildcard preshared keys for (ISAKMP) authentication.

Currently, Europe branches are firstly turnned up successfully, but when we tried to bring up Asia branches, none of them works.

Any idea for this ?

Thanks,

Jerry

2 Replies 2

b.schlegel
Level 1
Level 1

Jerry I had a similar issue, on the hub tunnel interefaces, the routers with two tunnels do you have "shared applied" for example...tunnel protection ipsec profile multi shared

Thanks for your reply, really appreciated!

But unfortunately we're in different case, in your case, you use profile shared on two tunnels of SPOKE router, but I'm talking about the two tunnels on HUB router shared by spoke routers.

The good news is I alreay fixed my issue.

Just put a secondary IP address on the interface(facing outside) of your DMVPN Hub router, and let Europe spoke routers point to one ip address on Hub router, and let Asia spoke routers point to another ip address on Hub router, and it works right away!!!

Thanks,

Jerry.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: