Solved: Tunnels.........!

gauravshar · ‎04-18-2008

Hi all,

Can we have multiple tunnels on a router, all of them having same source IP address or same source interface?

--gaurav

lamav · ‎04-18-2008

G:

I see what you're trying to do and you can do it that way.

Although, that is the old way of doing things.

You're probably better off using a DMVPN solution.

In that case, the hub router will have one multipoint GRE (mGRE) tunnel interface and its IP address will be on the same subnet as the tunnel interfaces for all the spokes.

You will use NHRP to have the spoke routers (NHRP clients) advertise their outside IP interface address and map it to their tunnel interface.

The hub router (NHRP server) will build a database of all the spoke's IP address-to-GRE tunnel-address mappings, which allows spokes to be added on dynamically and with only one mGRE tunnel interface at the hub supporting all the connections.

This is the general approach. You run GRE over IPSec and utilize NHRP for dynamic additions to the DMVPN network.

[EDIT] We can pick this up tomorrow, if you need more info, or a sample config. Right now, I need to crash. [EDIT]

HTH

Victor

View solution in original post

lamav · ‎04-18-2008

Of course you can. A VPN hub router in a hub-and-spoke topology does just that.

HTH

Victor

gauravshar · ‎04-18-2008

Hey Victor,

You are helpful like always.

Kindly validate the same.....

interface Tunnel0

bandwidth 1544000

ip address 192.168.1.2 255.255.255.252

load-interval 30

keepalive 10 3

tunnel source 172.22.24.182

tunnel destination 172.22.152.74

tunnel bandwidth transmit 1544000

tunnel bandwidth receive 1544000

interface Tunnel1

bandwidth 1544000

ip address 192.168.1.4 255.255.255.252

load-interval 30

keepalive 10 3

tunnel source 172.22.24.182

tunnel destination 172.26.157.74

tunnel bandwidth transmit 1544000

tunnel bandwidth receive 1544000

and at the remote sites.......

First site::

interface Tunnel0

bandwidth 1544000

ip address 192.168.1.1 255.255.255.252

load-interval 30

keepalive 10 3

tunnel source 172.22.152.74

tunnel destination 172.22.24.182

tunnel bandwidth transmit 1544000

tunnel bandwidth receive 1544000

Second site:

interface Tunnel0

bandwidth 1544000

ip address 192.168.1.1 255.255.255.252

load-interval 30

keepalive 10 3

tunnel source 172.26.157.74

tunnel destination 172.22.24.182

tunnel bandwidth transmit 1544000

tunnel bandwidth receive 1544000

or if you can give out some example.....

--gaurav

lamav · ‎04-18-2008

G:

I see what you're trying to do and you can do it that way.

Although, that is the old way of doing things.

You're probably better off using a DMVPN solution.

In that case, the hub router will have one multipoint GRE (mGRE) tunnel interface and its IP address will be on the same subnet as the tunnel interfaces for all the spokes.

You will use NHRP to have the spoke routers (NHRP clients) advertise their outside IP interface address and map it to their tunnel interface.

The hub router (NHRP server) will build a database of all the spoke's IP address-to-GRE tunnel-address mappings, which allows spokes to be added on dynamically and with only one mGRE tunnel interface at the hub supporting all the connections.

This is the general approach. You run GRE over IPSec and utilize NHRP for dynamic additions to the DMVPN network.

[EDIT] We can pick this up tomorrow, if you need more info, or a sample config. Right now, I need to crash. [EDIT]

HTH

Victor

gauravshar · ‎04-18-2008

very right Victor.

I'll be waiting for the sample configs....

--gaurav

lamav · ‎04-19-2008

G:

Here is a link from Cisco's website that has theory, architecture and example configurations.

I'm sure you'll find it useful.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#dualhubs

And thanks for the rating.

Victor