I am trying to lay out a new VPN design - single DMVPN cloud, dual hub routers at primary site, single hub router at backup site, and dual spoke routers at the branch/remotes.
This is all via internet transport, with GETVPN overlay to encrypt.
Has anyone had any experience laying out DMVPN designs with dual spoke routers, and how did you go about it? HSRP @ outside or inside interface, routing protocol determination only, etc..
Thanks in advance!
Using BGP will complicate the things a little bit.
That's because you need to advertise the HSRP IP (used as GRE source) on both your ISPs. So you need to own that IP.
If that is not possible, you can use the Dual Hub - Dual DMVPN Layout (part of the DMVPN link i attached previous).
This will require one GRE per router, and the routing to be done using the routing protocol.
HSRP can still be used on inside interface, tracking the GRE tunnel status.
Traffic doesnit need to be NATed as it will go via the GRE tunnels.
Please rate if this helped.