Cisco DMVPN Sanity Check

Unanswered Question
Mar 20th, 2008

Greetings, below is the basis for an MPLS based Dmvpn network for one of my customers.

Each private ip address space will consists of 10.171.0.0 /24 networks

GRE Tunnel Interfaces will be in the 172.16.0.0 /30 range

Ill be advertising the networks below from both the hub and spoke sites using EIGRP.

10.171.0.0 0.0.0.255 and 172.16.0.0 0.0.0.255

Ive implemented a DMVPN in a lab environment successfully but i need someone to say either yes it will work or suggest alternatives to the arrangement below so that i can sleep at night!

Any comments much appreciated.

Regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
joseph.yuffa Fri, 03/21/2008 - 11:17

Hi,

What is you tunnel int config on spoke and hub routers? I have working config DMVPN GRE with IPSec (no MPLS) which I can compare with

JY

exonetinf1nity Mon, 03/24/2008 - 17:15

On the Hub Router

crypto isakmp policy 10

hash sha

authentication pre-share

encryption 3des

group 2

lifetime 86400

!

crypto isakmp key Pa55w0rd address 0.0.0.0 0.0.0.0

crypto isakmp nat keepalive 20

!

crypto ipsec transform-set GlobalSet esp-3des

mode tunnel

!

crypto ipsec profile *********

set transform-set GlobalSet

set security-association lifetime seconds 86400

set security-association lifetime kilobytes 4608000

!

interface Tunnel 0

description ****** DMVPN GRE Tunnel ******

ip address 172.16.255.1 255.255.255.252

bandwidth 1000

delay 1000

ip nhrp holdtime 360

ip nhrp network-id 100000

ip nhrp authentication ********

ip mtu 1400

ip tcp adjust-mss 1360

ip nhrp map multicast dynamic

tunnel source FastEthernet 0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile **********

no ip split-horizon eigrp 25

!

router eigrp 25

network 172.16.255.2 0.0.0.255

network 10.171.0.0 0.0.0.255

no auto-summary

On the first Spoke Router

interface Tunnel 10

description ****** DMVPN GRE Tunnel ******

ip address 172.16.255.2 255.255.255.252

bandwidth 1000

delay 1000

ip nhrp holdtime 360

ip nhrp network-id 100000

ip nhrp authentication ********

ip mtu 1400

ip tcp adjust-mss 1360

ip nhrp map 172.16.255.1 ***.**.**.***

tunnel source Dialer0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile **********

!

router eigrp 25

network 172.16.255.2 0.0.0.255

network 10.171.0.0 0.0.0.255

no auto-summary

Regards

pjhenriqs Tue, 03/25/2008 - 03:47

Hi,

I see a few differences from what I usually configure for DMVPN.

1. Under interface Tunnel0

- Add "ip nhrp nhs 172.16.255.1

- Add "ip nhrp map multicast ". I'm guessing you have one.

2. Under the router eigrp 25

- The network statements should be

network 172.16.255.0 0.0.0.3

network 10.171.0.0 0.0.0.255

Hope it helps, also take a look at:

http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/hgreips.html

Regards,

Paulo

Actions

This Discussion