Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
418
Views
0
Helpful
3
Replies

P-P GRE Link

Go to solution
cgravell
Level 1
Level 1

‎08-14-2008 05:04 AM - edited ‎02-21-2020 02:58 AM

Hi,

I wish to route a public IP range from one provider across another providers backbone. I want to route this range statically via a GRE tunnel.

However, the end-point (Customer spoke) is only DYNAMICALLY IP assigned a PUBLIC address.

Is it possible to create a tunnel between the two sites, where one is dynamic, the other static and where I can route an IP range through this tunnel if the spoke IP end-point is unknown?

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-14-2008 05:40 AM

Have you looked at DMVPN (One Hub and One Spoke)?

DMVPN uses NHRP to form spokes on the fly. The HUB does not need to know the public IP of the spokes at configuration time. The Tunnel/Public IP of the hub are hard coded in the spoke(s). Once it comes up the spoke registers itself to the hub dynamically (using the NHRP protocol).

Regards

Farrukh

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-14-2008 05:40 AM

Have you looked at DMVPN (One Hub and One Spoke)?

DMVPN uses NHRP to form spokes on the fly. The HUB does not need to know the public IP of the spokes at configuration time. The Tunnel/Public IP of the hub are hard coded in the spoke(s). Once it comes up the spoke registers itself to the hub dynamically (using the NHRP protocol).

Regards

Farrukh

0 Helpful

Go to solution
dhananjoy chowdhury
Level 5
Level 5

‎08-16-2008 12:22 PM

Hi,

You can use the DMVPN feature.

Use the Router with Fixed IP as the DMVPN Hub and the Router with dynamic IP as the spoke.

DMVPN is based on GRE, However I would suggest to encrypt the GRE traffic using IPSEC, but this is not necessary.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml#conf

Once the DMVPN tunnel is setup, you can route your IP subnets via this tunnel interface.

0 Helpful

Go to solution
cgravell
Level 1
Level 1
In response to dhananjoy chowdhury

‎08-16-2008 10:41 PM

Hi guys,

Thanks for the responses. I have used DMVPN since it was bleeding nose tech 4 or 5 years ago. I don't need to encrypt. The interface in this case is only p-p so I don't require a multi-point GRE interface (I remove that from the config). I guess my question is therefore, are there any other encap technologies that allow me to efficiently encap IP in IP without encryption to route a public IP range from one provider over another providers network? The caveat being that the spoke is dynamically assigned.

Anyone familiar with getVPN? Does this do this? Or is this pure crypto technology?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card