spoke to spoke traffic on dmvpn

Unanswered Question
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Fri, 08/21/2009 - 10:34
User Badges:
  • Silver, 250 points or more

In DMVPN, spokes cansend packets directly to another spoke, if the routing table and NHRP table are available.

In order to create a spoke to spoke tunnel, a spoke must:

Learn a routing entryto the destination network

The next hop must be the remote spoke tunnel IP address

The spoke must learn the NBMA addressof this next hop

•The IPsec tunnel is only built afterthat

The below URL demonstrates a configuration for static and dynamic LAN-to-LAN tunnels with spoke-to-spoke connectivity through the hub PIX Firewall. PIX version 7.0 improves support for spoke-to-spoke VPN communications as it provides the ability for encrypted traffic to enter and leave the same interface.


walter baziuk Sun, 11/14/2010 - 10:53
User Badges:


I am planing to deply DMVPN. I have the initial config working.

I require all iNet traffic to go to the HUB so that i have only one Inet gateway. This is to meet our security requirements

All hub and spokes site travel across the iNet to get to each other through IPSEC and GRE tuneels. I want to ensure that any traffic that is destined to non hub/sokes site go to the HUB./ Then the hub can screen all incoming and outgoing traffic

Any ideas or partial config examples?




This Discussion