Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN design issue.

Hi,All:

I designed a global DMVPN architecture, and created two multipoint GRE tunnel interfaces on hub with the same tunnel source interface (a GigaEthernet port connected to Internet), and allow our asia branches vpn tunnels terminated on one tunnel interface of hub, and allow our europe branches vpn tunnels terminated on another tunnel interface of hub.

We're using wildcard preshared keys for (ISAKMP) authentication.

Currently, Europe branches are firstly turnned up successfully, but when we tried to bring up Asia branches, none of them works.

Any idea for this ?

Thanks,

Jerry

2 REPLIES
New Member

Re: DMVPN design issue.

Jerry I had a similar issue, on the hub tunnel interefaces, the routers with two tunnels do you have "shared applied" for example...tunnel protection ipsec profile multi shared

New Member

Re: DMVPN design issue.

Thanks for your reply, really appreciated!

But unfortunately we're in different case, in your case, you use profile shared on two tunnels of SPOKE router, but I'm talking about the two tunnels on HUB router shared by spoke routers.

The good news is I alreay fixed my issue.

Just put a secondary IP address on the interface(facing outside) of your DMVPN Hub router, and let Europe spoke routers point to one ip address on Hub router, and let Asia spoke routers point to another ip address on Hub router, and it works right away!!!

Thanks,

Jerry.

120
Views
0
Helpful
2
Replies
CreatePlease login to create content