Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
256
Views
3
Helpful
1
Replies

DMVPN and EIGRP

rawsonfang
Level 1
Level 1

‎01-18-2006 12:28 PM - edited ‎03-09-2019 01:39 PM

Three sites, one hub and two spokes with DMVPN and eigrp deployed. The Hub site communicates with both spoke site properly, and have eigrp neighbor relationship with both spoke sites, but when initiates the IP traffic from one spoke site LAN the other spoke site 's LAN, we notice that the traffic route through the Hub site, instead of creating dynamical tunnel between the two spoke sites router, any idea??

Labels:
0 Helpful
1 Reply 1

mheusinger
Level 10
Level 10

‎01-18-2006 01:16 PM

Hello,

are you aware of the restrictions in this scenario?

According to "Dynamic Multipoint VPN (DMVPN)" found at

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html#wp1039490

you should take the following into consideration:

Restrictions for Dynamic Multipoint VPN (DMVPN)

•If you use the Dynamic Creation for Spoke-to-Spoke Tunnels benefit of this feature, you must use IKE Certificates or wildcard preshared keys for Internet Security Association Key Management Protocol (ISAKMP) authentication.

Note It is highly recommended that you do not use wildcard preshared keys because the attacker will have access to the VPN if one spoke router is compromised.

In addition, did you follow the configuration guidelines found in "Configuring Dynamic Multipoint VPN Using GRE Over IPSec With EIGRP, NAT, and CBAC"

at

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801982ae.shtml

Hope this helps! Please rate all posts.

Regards, Martin

Customers Also Viewed These Support Documents