We are attempting to setup DMVPN between a 3800 series (3841 I believe) and 2 1841's. Each 1841 will be at a remote site. I've been trying to follow the examples in the dmvpn.pdf document on Ciscos site. Since this is my first attempt at VPN's I really don't know where to look to fix this problem or really understand what I'm seeing.
Below are the configs from the Hub router (3800) and one of the spokes (1841). We've just picked IP address out of the air since this is just a small test network.
At the end of both configs are some of the errors which pop up. It seems to create the tunnel because of the route error but I can't see where my config differs from the (I assume) working model from the Cisco DMVPN.pdf document. I've tried changing the Vlan440 IP to be on the same subnet as the remote network but this only gets rid of the eigrp error message. Just don't know where to look next, It must be something very simple I've missed.
You seem to be missing the "tunnel protection ipsec profile Site2Site" and "crypto ipsec profile Site2Site" commands on the spoke router.
The crypto map that you have there should not be needed for this configuration.
For the routing I usually use a network statement for the TUNNEL NETWEORK under router eigrp ...on each router.
On the spoke router I point a static route to the distant tunnel endpoint to the next hop out the OUTSIDE interface (and it usually finds it via the default route). I use a network statement under router eigrp to advertise the INSIDE network.
On the hub router I use the network statement for the OUTSIDE interfaces network, and have it peer with then next hop router there. I also use a network statement under router eigrp to advertise any INSIDE networks, or form a peer with an inside router.
I have set these up in various environments and they work great.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :