Is it possible to build the gre tunnel with dynamic ip on one end-point?

Unanswered Question
Aug 5th, 2010

Hi all,

Is it possible to build the gre tunnel with dynamic ip on one end-point?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Michael Sullenberger Tue, 08/10/2010 - 16:43

Yes this is possible using DMVPN.  For a simple single tunnel case it would look like:

Node1,  that has the dynamic IP on interface Serial1/0 (could be any type of interface):

interface Tunnel0
bandwidth 1000
ip address 10.0.0.2 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique

ip nhrp nhs 10.0.0.1
no ip mroute-cache
delay 1000
cdp enable
tunnel source Serial1/0  <-- has dynamic IP address
tunnel destination 172.17.0.1
tunnel key 100000
tunnel protection ipsec profile vpnprof  <-- for IPsec encryption (optional).

Node2, that has a static IP on interface Serial 2/0 (could be any type of interface):

interface Tunnel0
bandwidth 1000
ip address 10.0.0.1 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
cdp enable
tunnel source Serial2/0  <-- has IP address 172.17.0.1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof <-- for IPsec encryption (optional).

NHRP does the work of informing the Node2 about Node1's dynamic IP address.

You can find out more information about DMVPN at http://www.cisco.com/go/dmvpn

Mike.

michael.leblanc Wed, 08/11/2010 - 08:07

Might want to use the same mask on the tunnel interfaces that participate in the same NHRP Network, particularly if there is to be more than 1 spoke, and you desire dynamic spoke-to-spoke tunnels to be negotiated.

Best Regards,

Mike

Michael Sullenberger Thu, 08/12/2010 - 12:01

Mike,

You are absolutely correct.  This what happens when you cut and paste and don't carefully look at it.

I was trying to show the use for a basic p-pGRE case in which case, though you have to use an mGRE

tunnel on the hub.

For just a single tunnel/spoke.

interface Tunnel0

ip address 10.0.0.2 255.255.255.252
...
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique

ip nhrp nhs 10.0.0.1
...
tunnel source Serial1/0  <-- has dynamic IP address
tunnel destination 172.17.0.1
...

interface Tunnel0

ip address 10.0.0.1 255.255.255.252
...
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source Serial2/0  <-- has IP address 172.17.0.1
tunnel mode gre multipoint
...

For many tunnels/spokes.

interface Tunnel0

ip address 10.0.0. 255.255.255.0  <-- is different for each spoke
...
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique

ip nhrp nhs 10.0.0.1
...
tunnel source Serial1/0  <-- has dynamic IP address
tunnel destination 172.17.0.1  <--  If you want dynamic spoke-spoke then change to tunnel mode gre-multipoint
...

interface Tunnel0

ip address 10.0.0.1 255.255.255.0
...
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source Serial2/0  <-- has IP address 172.17.0.1
tunnel mode gre multipoint
...

Hope that is a little more clear.

Mike

Actions

This Discussion