09-15-2009 11:11 AM
I'm trying to set up a GRE tunnel between a spoke router with a dynamic IP and a hub router with a fixed IP, and it doesn't work. I am using a loopback interface of the hub router as the tunnel destination IP on the spoke router. Could the problem be that I am not using an IP of a physical interface?
Thanks.
09-15-2009 12:10 PM
For that to work, you need to configure IPsec first; in practice it's a DMVPN setup.
09-16-2009 04:32 AM
I did this. The configurations are:
hub:

interface Tunnel100
 description Tunel a router 3G
 ip address 77.6.248.30 255.255.255.252
 no ip redirects
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 600
 ip tcp adjust-mss 1260
 tunnel source loopback10
 tunnel mode gre multipoint
 tunnel key 10000
 tunnel protection ipsec profile 3G

spoke:

interface Tunnel100
 ip address 77.6.248.29 255.255.255.252
 ip nhrp authentication test
 ip nhrp map 77.6.248.30 192.168.35.113
 ip nhrp map multicast 192.168.35.113
 ip nhrp network-id 100000
 ip nhrp holdtime 300
 ip nhrp nhs 77.6.248.30
 ip tcp adjust-mss 1260
 tunnel source Cellular0/2/0
 tunnel destination 192.168.35.113
 tunnel key 10000

The IPsec is up. There is an ISAKMP SA established.
Thanks.
09-16-2009 11:21 AM
Check that you can ping between the tunnel source and destination.
Then, a /30 mask seems wrong for a multipoint tunnel.
Also, I would not use tunnel protection, configure ipsec independently.
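An added example, not part of the original thread: a small Python check that compares a hub and a spoke tunnel stanza for settings that have to agree on both ends (tunnel key, NHRP authentication string, tunnel subnet, presence of tunnel protection) and reports how many spokes the hub's mask leaves room for. The function names `parse` and `audit` are hypothetical, and the sample input is trimmed from the configuration posted above.

```python
import ipaddress
import re

# Constructed sample input: trimmed from the stanzas posted in this thread.
HUB = """\
interface Tunnel100
 ip address 77.6.248.30 255.255.255.252
 ip nhrp authentication test
 tunnel mode gre multipoint
 tunnel key 10000
 tunnel protection ipsec profile 3G
"""
SPOKE = """\
interface Tunnel100
 ip address 77.6.248.29 255.255.255.252
 ip nhrp authentication test
 tunnel key 10000
"""

def parse(cfg):
    """Collect the settings this check compares from one tunnel stanza."""
    out = {"multipoint": False, "protection": None}
    for line in (l.strip() for l in cfg.splitlines()):
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            out["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.fullmatch(r"ip nhrp authentication (\S+)", line):
            out["nhrp_auth"] = m[1]
        elif m := re.fullmatch(r"tunnel key (\d+)", line):
            out["key"] = int(m[1])
        elif line == "tunnel mode gre multipoint":
            out["multipoint"] = True
        elif m := re.fullmatch(r"tunnel protection ipsec profile (\S+)", line):
            out["protection"] = m[1]
    return out

def audit(hub_cfg, spoke_cfg):
    """Return a list of findings for one hub/spoke pair."""
    hub, spoke = parse(hub_cfg), parse(spoke_cfg)
    findings = []
    for field in ("net", "nhrp_auth", "key"):
        if hub.get(field) != spoke.get(field):
            findings.append(f"{field} differs: hub={hub.get(field)} spoke={spoke.get(field)}")
    if bool(hub["protection"]) != bool(spoke["protection"]):
        findings.append("tunnel protection configured on only one end")
    if hub["multipoint"] and hub.get("net") is not None:
        spokes = hub["net"].num_addresses - 3  # minus network, broadcast, hub
        if spokes < 2:
            findings.append(f"{hub['net']} leaves room for {spokes} spoke(s) on a multipoint tunnel")
    return findings
```

Run against the posted stanzas, `audit(HUB, SPOKE)` returns two findings: tunnel protection present on the hub only, and a /30 that leaves room for a single spoke.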
09-16-2009 12:36 PM
The ping is OK from both sides. I modified the mask on the hub, but it doesn't work.
Thanks.
09-16-2009 12:37 PM
As mentioned, I have DMVPN without tunnel protection, works fine.
09-17-2009 05:09 AM
I did this. It works OK without encryption, only mGRE+NHRP. I found a new problem: how do I create the crypto maps without knowing the remote address (the spoke has a dynamic IP)?
Thanks
Marcelo
09-17-2009 05:12 AM
IPsec supports dynamic peers, it's all in the documentation.
We also used EzVPN, that works better in presence of NAT.
09-17-2009 10:31 AM
Thanks. Now it is working OK.
Marcelo
09-17-2009 12:23 PM
Very good, thanks for the nice rating and good luck!