Re: Dynmaic Multipoint VPN

richard_tufaro · ‎02-10-2003

Hi, im posting to inquire about the new feature introduced in rev 12.2(13)T1 called DMVPN.

Has anyone had any experience configuring it? Good, bad?

I have a scenario where im about to deploy 36 1760 bundles (CISCO1760-VPN/K9) with some 2611XM's and a 7204 at the hub connected to a DS3.

We are going to be using the full CiscoWorks package, including VMS for administration.

So the scenario plays out like this:

36 sites (1760's (with VPN mods) 2611XM's (with VPN mods), All remote sites have 6 usable Internet routable IP's, hub site has a 7204 and 2611XM, the 7204 has a DS3, 2611XM has 2 T1's, HUB site running BGP advertising 2 class C's. All remote office connections will be dumped into a DMZ and ACL’ed to the internal network (PIX is the firewall).

Comments questions? Advice? Welcome.

wdrootz · ‎02-14-2003

It seems that DMVPN and NAT-T dont work together. With both DMVPN and NAT-T in place the hub has problems decrypting traffic. You could configure DMVPN with no NAT-T and all will work well. However, if you need to configure NAT-T, you'll need to consider alternatives to DMVPN.

bdedek · ‎02-19-2003

Did you get this from CISCO or just first hand experience. I am trying a similar setup, but mine involves the hub and spokes behind a NAT device. Any known workarounds to this alleged problem?