I am using DMVPN before but I never studied it (run debug, wireshark, etc). Now I am going into the details. I started with a very simple topolgy using DMVPN phase 1 configuration without IPSec. My first question is about the NHRP network-ID. Apparently without it the NHRP process doesn't start. However the configured ID is not in the NHRP registration request or reply messages that I captured. In addition, spoke still registers with hub even with the wrong ID. Any ideas why? What is the purpose of the network ID?
Hi Marcin, thanks for the reply and sorry for the late response. I just tried on phase 3, however it still doesn't seem to matter.. My hub and two spokes all have the different valus and they still process NHRP packets correctly and route injected properly as well... I guess it is just a local number to differentiate in case you have more than one DMVPNs configured, correct...? Thanks
I am pretty much confused with this NHRP ID as well.
This is what I found from NHRP document.
"Enabling NHRP on an Interface The NHRP network ID is used to define the NHRP domain for an NHRP interface and differentiate between multiple NHRP domains or networks, when two or more NHRP domains (GRE tunnel interfaces) are available on the same NHRP node (router). The NHRP network ID is used to help keep two NHRP networks (clouds) separate from each other when both are configured on the same router. The NHRP network ID is a local only parameter. It is significant only to the local router and it is not transmitted in NHRP packets to other NHRP nodes. For this reason the actual value of the NHRP network ID configured on a router need not match the same NHRP network ID on another router where both of these routers are in the same NHRP domain. As NHRP packets arrive on a GRE interface, they are assigned to the local NHRP domain in the NHRP network ID that is configured on that interface."
And this is what I have on DMVPN Guide.
"To participate in one NHRP registration process, all routers must belong to the same NHRP network by a network ID. The NHRP network ID defines an NHRP domain."
Both of the documents are from Cisco.
So what I am thinking is that different DMVPN domains are being classified on a single router through the NHRP ID. If a router do have two tunnel interfaces then the distinguishing factor on what tunnel interface it would be classified is by tunnel key, not NHRP ID, when it is sharing the same NBMA interface. If the two tunnels were mapped on different physical interfaces then it chooses the NHRP ID on which tunnel interface the packet landed.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...