This document gives information about DMVPN with a configuration example.
DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is combination of the following technologies:
Once you have physical connectivity you can add the DMVPN configuration.
Next you will need to add IPSEC, this will ensure that traffic is not sent in clear text. This configuration will be added to each router except router 1.
To enable dynamic routing i am using EIGRP add the following configuration to each routers except router 1.
Seems we are missing the configuration for Router 1, would you mind uploading it if you still have it documented somewhere? :)
Thanks for the help!
R1 is the cloud :)
The R1 is your ISP router - it's configuration is not relevant (except that the external interfaces of the other routers should be able to reach each other).
Any DMVPN Phase 3 doc?
Is this layout supporting a NAT scenario?
So curiously, how is this config example working if you have statics on the hub for the NBMA networks of the remote routers?
You'd need statics (or a default, not shown here) on the spoke routers to reach the NBMA addresses of the other spokes, since it won't be populated from the hub.
I tried dropping a similar config in and I see the FD as infinity on the hub for those remote sites NBMA networks, since the statics exist on the hub -- at which point, the EIGRP route for the NBMA never makes it from hub-to-spoke and traffic is broken between spokes.
!hostname Router1!ip cef!interface FastEthernet0/0 description to Router2 ip address 192.168.2.1 255.255.255.0 duplex full speed 100 !!interface FastEthernet0/1 description to Router3 ip address 192.168.3.1 255.255.255.0 duplex full speed 100 !!interface FastEthernet1/0 description to Hub ip address 192.168.1.1 255.255.255.0 duplex full speed 100 !!interface FastEthernet1/1 description to Router4 ip address 192.168.4.1 255.255.255.0 duplex full speed 100 !!end
Excellent work Did the scenario using the eigrp named mode (kept it simple)
This configuration is for a Phase 2 DMVPN - which should probably be noted somewhere here (probably in the title). The only problem with a Phase 2 DMVPN is scalability. If you have a very large number of networks sitting behind each spoke (or a very large number of spokes with a couple of networks behind them), the routing table will get very large and Phase 2 DMVPNs don't support using summarization to reduce the size of the routing table.
To make this a Phase 3 DMVPN is quite easy. To understand what these commands do, isn't so easy.
On the hub add:
Hub(config)# int tunnel 0
Hub(config-if)# ip nhrp redirect
Hub(config-if)# ip nhrp shortcut
On the spokes add:
Router2(config)# int tunnel 0
Router2(config-if)# ip nhrp shortcut
two questions -
usually external interfaces for R2,R3,R4 have dynamic IP (from ISP), how this config will be for that situation ? For this situation is it required to use dynamic IP routing - for example - EIGRP ?
Is it possible to use this configuration with 1 central Hub router with all four spokes connecting to the Hub?
some time sh dmvpn not accept in router so main while use show crypto isakmp sa for phase 1 policy and
show crypto engine connection active for phase 1 and phase 2.
As per your DMVNphase 2 configuration mentioned above we tested in a lab however spoke to spoke ping was not working as removed no ip eigrp nexthop self it started working . please comment.