DMVPN design. Spokes will all be static

Unanswered Question
Sep 3rd, 2009

Hi Guys,

I have a setup where I have a spoke router and 4 clients. The clients will grow and the configuration that we currently have seems to not be able to scale well.

For every new client we add, we have to make a new static crypto map, new tunnel interface and add the new client network to the access lists.

There is a very good book that I am following, The Complete Cisco VPN Configuration Guide. There is a pretty good example on this book, however it assumes that the spokes will be behind dynamic ISPs and that they will need to talk to each other.

In this setup, the spokes are all static and wont need to talk to each. What is the best approach for this?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
insccisco Fri, 09/04/2009 - 09:05


that is a great link... actually very sexy link. I am currently reading it and it is just great.. lots of info. Im not on the examples part yet, but once I get there, I will start coding.

The environment I have is a bit messy, but I will fix it using the DMVPN concept.

Question though, if I change the isakmp crypto on the headend server to IPSec profiles, would I have to do the same on the branch devices?


This Discussion