DMVPN split tunneling

darraghkennedy
Level 1

Hi, I have a DMVPN hub setup with several spokes attached.

I run EIGRP between hub and spoke and inject a default route to the hubs so all traffic is routed via the tunnel interface on the spokes.

I need to enable internet access for a customer over the spoke router, which is using their DSL connection.

I have done this before for RRI just by applying ACLs, but I am not sure how to do it for DMVPN.

All I have been able to find so far is info on how to change the hub to enable spoke to spoke traffic.

no ip split-horizon eigrp x

no ip next-hop-self eigrp x

Obviously the customer's server has the LAN interface of the spoke as its default gateway, so that is where the browser will try to send the traffic.

The spoke does not have a default route to the internet; I have a /32 set up to reach the hub via the local gateway.

Any advice is appreciated.

Darragh.

2 Replies

Not applicable

This feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPSec tunnel between them so data can be directly transferred.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

Hi, thanks for your assistance.

I don't need to create a spoke-to-spoke tunnel.

I need to let the customer surf the internet. I have enabled this locally using a route map which NATs all non-hub-destined traffic out the outside interface.

I had to change my spoke config and put a default route in pointing out the WAN gateway. I am trying to figure out the way to use a split tunnel scenario similar to Easy VPN, when you put an access-list on the concentrator and all traffic that doesn't match the ACL gets sent back out to the internet. This would mean all traffic would come back to the hub.
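
The spoke-side local breakout described in the reply above (route-map NAT plus a default route out the WAN), as an added IOS configuration example that is not part of the original thread. Interface names, the ACL/route-map name and all addresses are constructed placeholders, and it assumes the hub advertises the specific corporate prefixes over EIGRP in addition to the default:

```cisco
! Added example; every name and address below is a constructed placeholder.
! LAN: 192.168.10.0/24 on FastEthernet0/1, DSL WAN: Dialer0,
! networks reached through the DMVPN hub: 10.0.0.0/8 via Tunnel0.
!
interface FastEthernet0/1
 ip nat inside
!
interface Dialer0
 ip nat outside
!
! Traffic to hub-side networks is denied here so it is never selected
! for translation and keeps following the EIGRP routes over Tunnel0.
ip access-list extended INTERNET-NAT
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
!
route-map INTERNET-NAT permit 10
 match ip address INTERNET-NAT
!
! Overload (PAT) everything the route-map matches onto the DSL address.
ip nat inside source route-map INTERNET-NAT interface Dialer0 overload
!
! Static default out the DSL link. Its administrative distance (1) beats
! the EIGRP-learned default from the hub, so only the more specific
! EIGRP prefixes (assumed to be advertised by the hub) still use the tunnel.
ip route 0.0.0.0 0.0.0.0 Dialer0
```

With this in place the customer's internet traffic no longer passes through the hub, so any filtering or logging done there does not apply to it. The DSL-facing interface needs its own inbound ACL or firewall policy.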