03-20-2008
06:32 PM
- last edited on
02-21-2020
11:47 PM
by
cc_security_adm
Greetings, below is the basis for an MPLS based Dmvpn network for one of my customers.
Each private ip address space will consists of 10.171.0.0 /24 networks
GRE Tunnel Interfaces will be in the 172.16.0.0 /30 range
Ill be advertising the networks below from both the hub and spoke sites using EIGRP.
10.171.0.0 0.0.0.255 and 172.16.0.0 0.0.0.255
Ive implemented a DMVPN in a lab environment successfully but i need someone to say either yes it will work or suggest alternatives to the arrangement below so that i can sleep at night!
Any comments much appreciated.
Regards
03-21-2008 11:17 AM
Hi,
What is you tunnel int config on spoke and hub routers? I have working config DMVPN GRE with IPSec (no MPLS) which I can compare with
JY
03-24-2008 05:15 PM
On the Hub Router
crypto isakmp policy 10
hash sha
authentication pre-share
encryption 3des
group 2
lifetime 86400
!
crypto isakmp key Pa55w0rd address 0.0.0.0 0.0.0.0
crypto isakmp nat keepalive 20
!
crypto ipsec transform-set GlobalSet esp-3des
mode tunnel
!
crypto ipsec profile *********
set transform-set GlobalSet
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 4608000
!
interface Tunnel 0
description ****** DMVPN GRE Tunnel ******
ip address 172.16.255.1 255.255.255.252
bandwidth 1000
delay 1000
ip nhrp holdtime 360
ip nhrp network-id 100000
ip nhrp authentication ********
ip mtu 1400
ip tcp adjust-mss 1360
ip nhrp map multicast dynamic
tunnel source FastEthernet 0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile **********
no ip split-horizon eigrp 25
!
router eigrp 25
network 172.16.255.2 0.0.0.255
network 10.171.0.0 0.0.0.255
no auto-summary
On the first Spoke Router
interface Tunnel 10
description ****** DMVPN GRE Tunnel ******
ip address 172.16.255.2 255.255.255.252
bandwidth 1000
delay 1000
ip nhrp holdtime 360
ip nhrp network-id 100000
ip nhrp authentication ********
ip mtu 1400
ip tcp adjust-mss 1360
ip nhrp map 172.16.255.1 ***.**.**.***
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile **********
!
router eigrp 25
network 172.16.255.2 0.0.0.255
network 10.171.0.0 0.0.0.255
no auto-summary
Regards
03-25-2008 03:47 AM
Hi,
I see a few differences from what I usually configure for DMVPN.
1. Under interface Tunnel0
- Add "ip nhrp nhs 172.16.255.1
- Add "ip nhrp map multicast
2. Under the router eigrp 25
- The network statements should be
network 172.16.255.0 0.0.0.3
network 10.171.0.0 0.0.0.255
Hope it helps, also take a look at:
http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/hgreips.html
Regards,
Paulo
03-25-2008 06:07 AM
Thank you very much for your reply, ill update the config accordingly.
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: