Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
2
Replies

DMVPN with 2 Hubs

Go to solution
dmitri_vilesov
Level 1
Level 1

‎03-26-2007 03:52 AM - edited ‎03-09-2019 05:40 PM

1)If i understand right - Phase 1 DMVPN is hub-to-spoke technology. Is it possible to use two hubs in the network?

2) Is it possible to use 1841 router as hub in DMVPN Phase 1?

3) Imagine such network topology:

*PIX*-(static vpn tunnel)->1841 router (hub)-(dynamic vpn tunnel)-> Spokes .

Am i going to have problems with routing into VPN between PIX and spokes through 1841?

See Scheme in the attachment.

Thnx in advance!

Labels:
Preview file
22 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kamal Malhotra
Cisco Employee
Cisco Employee

‎03-26-2007 06:42 AM

Hi,

It should be possible. The tunnel between the PIX and Hub 2 is going to be a regular IPSEC tunnel with PIX configured with all the spoke networks as destination in the crypto ACL and vice versa on the hub. Hub 2 will have a static route for the PIX's private subnet and tis route will be redestributed in the routing process so that it is advertised to the spokes. Please keep in mind that the tunnel protection profile that you configure should have the 'shared' keyword configured.

HTH,

Please rate if it helps.

Regards,

Kamal

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kamal Malhotra
Cisco Employee
Cisco Employee

‎03-26-2007 06:42 AM

Hi,

It should be possible. The tunnel between the PIX and Hub 2 is going to be a regular IPSEC tunnel with PIX configured with all the spoke networks as destination in the crypto ACL and vice versa on the hub. Hub 2 will have a static route for the PIX's private subnet and tis route will be redestributed in the routing process so that it is advertised to the spokes. Please keep in mind that the tunnel protection profile that you configure should have the 'shared' keyword configured.

HTH,

Please rate if it helps.

Regards,

Kamal

0 Helpful

Go to solution
Kamal Malhotra
Cisco Employee
Cisco Employee
In response to Kamal Malhotra

‎03-26-2007 06:48 AM

Hi

Just to add, 1841 can be used as the hub depending on the number of the spokes. Please go through the attached data sheet of the hardware :

Integrated Hardware-Based Encryption : On motherboard

Encryption Support in Hardware : DES, 3DES, AES 128, AES 192, AES 256

IPSec Tunnels Supported : 50

IPSec VPN Performance : 40 Mbps 3DES @ 1400 byte packets

http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8028a95f.html

HTH,

Please rate if it helps,

Regards,

Kamal

0 Helpful
Customers Also Viewed These Support Documents