Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configuration Dual DMVPN

Hi dears. I configurated 1 hub and 3 spokes with dmvpn. all them are ok and working. now i want to add second router as hub for redundancy and configurated second tunnel at this router for redundancy tunnel.

my working hub and spoke routers configuration:

HUB1:

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

crypto isakmp key 6

cisco123

address 0.0.0.0 0.0.0.0

!

!

crypto ipsec transform-set TTS esp-aes 256 esp-sha-hmac

crypto ipsec fragmentation after-encryption

!

crypto ipsec profile customer

description .:: IPSec profile for DMVPN ::.

set security-association lifetime seconds 120

set transform-set TTS

!

!interface Tunnel0

ip address 172.30.30.1 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication cisco

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip tcp adjust-mss 1360

no ip split-horizon eigrp 90

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile customer

!

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 10.0.0.1 255.255.255.0

ip access-group OUTSIDE2INSIDE in

duplex auto

speed auto

!

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

!

interface GigabitEthernet0/2

ip address 192.168.60.1 255.255.255.0

ip inspect in2out in

duplex auto

speed auto

!

!

router eigrp 90

network 172.30.30.1 0.0.0.0

network 192.168.60.1 0.0.0.0

!

!

ip route 0.0.0.0 0.0.0.0 192.168.60.2  (core switch ip address:192.168.60.2)

Spoke 1:

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

crypto isakmp key

cisco123

address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 120

!

!

crypto ipsec transform-set TTS esp-aes 256 esp-sha-hmac

crypto ipsec fragmentation after-encryption

!

crypto ipsec profile customer

description .:: IPsec Profile for DMVPN ::.

set security-association lifetime seconds 120

set transform-set TTS

!

!

interface Tunnel0

ip address 172.30.30.5 255.255.255.0

ip mtu 1400

ip nhrp authentication cisco

ip nhrp map multicast dynamic

ip nhrp map multicast 10.0.0.1

ip nhrp map 172.30.30.1 10.0.0.1

ip nhrp network-id 1

ip nhrp nhs 172.30.30.1

ip tcp adjust-mss 1360

tunnel source GigabitEthernet0/0

tunnel destination 10.0.0.1

tunnel key 0

tunnel protection ipsec profile customer

!

!

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 10.0.0.5 255.255.255.0

duplex auto

speed auto

!

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

!

interface GigabitEthernet0/1.8

description User

encapsulation dot1Q 8

ip address 192.168.22.1 255.255.255.0

!

interface GigabitEthernet0/1.9

description Voice

encapsulation dot1Q 9

ip address 172.17.3.1 255.255.255.0

!

router eigrp 90

network 172.17.3.1 0.0.0.0

network 172.30.20.5 0.0.0.0

network 172.30.30.5 0.0.0.0

network 192.168.22.1 0.0.0.0

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 Tunnel0

this is my working configuartion. i want to configurated dual dmvpn with hsrp. mY qusetions is that>

what configuartion i need do at second hub2 router?

what configuartion i need do at spokes?

what default route's i must be config at spokes?

thanks

Everyone's tags (4)
2 REPLIES

Configuration Dual DMVPN

Hello,

This document will answer all of the questions you have

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Configuration Dual DMVPN

Thanks a lot. i understand that i must be configurated tunnel also at hub2 and add this tunnel all my spokes that are clear for me. only one issue i confused. now working configuration as you see my default router to tunnel0  at spokes , if i add second tunnel at spokes router what how i add that and think the redundancy process??

thanks

989
Views
0
Helpful
2
Replies