Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
730
Views
0
Helpful
3
Replies

DMVPN: Bonding Two DSL to Provide LoadSharing with VRF

AJAZ NAWAZ
Level 5
Level 5

‎12-01-2008 09:14 AM - edited ‎03-04-2019 12:33 AM

Topology:

1841===DMPVN_Clound===3825(hub)

The 1841 has two HWIC-1ADSL installed into each HWIC slot. 1841 running 12.22T advEnt. Config looks like this:

interface Tunnel100

description DMVPN 1

ip vrf forwarding monsters

ip address x.x.x.x 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication PRIMARY

ip nhrp map 10.19.220.1 x.x.x.x

ip nhrp map multicast x.x.x.x

ip nhrp network-id 100

ip nhrp holdtime 300

ip nhrp nhs 10.19.220.1

ip ospf network point-to-multipoint

ip ospf cost 1000

keepalive 2 3

tunnel source Dialer0

tunnel mode gre multipoint

tunnel key 123

tunnel path-mtu-discovery

tunnel protection ipsec profile DMVPN-PROFILE shared

interface Dialer0

ip vrf forwarding monsters

ip address negotiated

ip access-group 101 in

ip mtu 1492

ip inspect CBAC out

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname x@x.openandclear.com

ppp chap password 7 xxxxxxxxxxxxxx

-------------

In order to get LB working I need to use vrf on dialer interfaces. This is where the problem begins. When I remove vrf forwarding from the dialer0 interface IPSEC is fine, but not with vrf. Of course doesn't make sense trying two dsl lines when single vrf is not playing ball.

Adding tunnel vrf monsters under tunnel config is of no use. I have 50sites all without this and they're all good.

Any help would be appreciated.

Ajaz

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-01-2008 09:43 AM

Hello Ajaz,

a good reference for DMVPN is in the SRND page

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html

if really using a 12.2T release I would consider an IOS upgrade on the C1841 to 12.4(20)T or later

Hope to help

Giuseppe

0 Helpful

AJAZ NAWAZ
Level 5
Level 5
In response to Giuseppe Larosa

‎12-01-2008 09:51 AM

Hi Giuseppe

As stated above we have 12.4(22)T, apologies for not making that clear. In terms of SRND and various DMVPN design guides, we have utilized these to the max and have an extended live DMVPN dual-hub dual-cloud network.

The problem is IPSEC when both tunnel intf and dialer are in the same vrf.

thanks

Ajaz

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to AJAZ NAWAZ

‎12-01-2008 10:17 AM

Hello Ajaz,

>> The problem is IPSEC when both tunnel intf and dialer are in the same vrf

if you look at VRF and IPSec solutions with point-to-point GRE configuration examples you can see that the ip vrf forwarding command is usually present under the tunnel GRE config only.

I've seen some example where someone uses MLPPP to bundle two ADSLs this could be an alternate way to use both links:

if you configure both ADSL links pointing to the same dialer you should achieve this

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card