I am trying to create a DMVPN design with 2 hubs, 1 primary and 1 backup, and several spokes. I have been reading of the difficulty of terminating a DMVPN tunnel onto an HSRP address and indeed I have not been able to get this to work. I have, however, been able to use the Dual Hub/Single DMVPN design where the spoke maps the tunnel endpoints to the physical outside addresses of each hub, changing the metric of the backup hub (in my case increasing the OSPF cost) to avoid routing loops.
What I am unclear about is _why_ the DMVPN tunnel will not terminate on the HSRP address. Could someone please point me to some official Cisco document indicating the incompatibility, or else if I am completely wrong point me in the direction of how to configure DMVPN with HSRP?
First, I want to say that HSRP with DMVPN is not officially supported and is not documented on CCO, but they can work together.
The primary reason for using HSRP with IPsec is to provide redundancy; DMVPN uses the routing protocol on top to achieve active/active redundancy, so there is no need for HSRP. Another reason is that for HSRP to work, the 2 hub routers must be in the same LAN; using DMVPN and a routing protocol for redundancy will not have that restriction.
However, as I said, HSRP with DMVPN can work together; it is just not recommended.
I tried configuring the DMVPN to terminate on the HSRP address but was not able to bring up the tunnel. I would see an active SA in the QM_IDLE state for exactly 1 minute, but even during this time I was not able to route traffic through the tunnel.
Could you please tell me how (what configuration is necessary) to terminate a DMVPN spoke onto an HSRP address? Though I will probably not use HSRP for DMVPN in production, I still would like to know how it is technically possible, or why technically it won't work.