Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Dmvpn Split tunneling.

Hi I have a dmvpn hub setup with several spokes attached.

I run eigrp between hub and spoke and inject a default route to the hubs so all traffic is routed via the tunnel interface on the spokes.

I need to enable internet access for a customer over the spoke router which is using their dsl connection.

I have done this before for rri just by applying acls but I am not sure how to do it for dmvpn.

All I have been able to find so far is info on how to change the hub to enable spoke to spoke traffic.

no ip split horizon eigrp x

no ip next-hop-self eigrp x.

Obviously the customers server has the lan interface of the spoke as their default gateway so that is where the browser will try to send the traffic.

The spoke does not have a default route to the internet I have a /32 setup to reach the hub via the local gateway.

Any advice is appreciated.

Darragh.

2 REPLIES
Anonymous
N/A

Re: Dmvpn Split tunneling.

This feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPSec tunnel between them so data can be directly transferred.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

New Member

Re: Dmvpn Split tunneling.

Hi Thanks for you assistance.

I don't need to create a spoke to spoke tunnel.

I need to let the customer surf the internet. I have enabled this locally using a route map which nats all non hub destined traffic out the outside interface.

I had to change my spoke config and put a default route in pointing out the wan gateway. I am trying to figure out the way to use a split tunnel scenario similar to easy vpn when you put an access-list on the concentrator and all traffic that doesn't match the acl gets sent back out to the internet. This would mean all traffic would come back to the hub.

199
Views
0
Helpful
2
Replies
CreatePlease to create content