Cisco Support Community
Community Member

DMVPN with DBU -- possible to do single tunnel with tunnel protect?

I’m working on configs for several different large implementations of DMVPN with DBU. I prefer to have the same tunnels be used on both broadband and on DBU and I’ve read the article about doing DBU with reliable static routing using object tracking. However, it seems that to use the same GRE tunnels on both broadband and DBU (meaning there isn’t a tunnel specifically for DBU) with object tracking, you have to use crypto ACLs and crypto maps instead of the tunnel protect mode.

My questions are:

1. is there any way to do the single tunnel for both connections using the tunnel protect mode since it makes the config smaller and easier.

2. the cisco DMVPN FAQ talks about how DMVPN is more efficient than doing static GRE and crypto maps. Does the use of the cryptomaps instead of tunnel protect mode reduce the number of DMVPN tunnels the headend can support? The DMVPN FAQ says a 7200 can do about 350 remotes connected per mGRE interface and it can do two of these interfaces.




Re: DMVPN with DBU -- possible to do single tunnel with tunnel p

The difference may be due to CPU utilization for process IKMP is around 95% and stays on that peak for a long time (15 min) until crypto isakmp cleared.

CreatePlease to create content