Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is it possible to build the gre tunnel with dynamic ip on one end-point?

Hi all,

Is it possible to build the gre tunnel with dynamic ip on one end-point?

4 REPLIES
Cisco Employee

Re: Is it possible to build the gre tunnel with dynamic ip on on

dmvpn

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080808395.shtml#diag

this will help you achieve what you want and also when you look at it's sclability you will be amused, this is a fantastic technology but yeah its not too easy to understand

i hope this helps

Cisco Employee

Re: Is it possible to build the gre tunnel with dynamic ip on on

Yes this is possible using DMVPN.  For a simple single tunnel case it would look like:

Node1,  that has the dynamic IP on interface Serial1/0 (could be any type of interface):

interface Tunnel0
bandwidth 1000
ip address 10.0.0.2 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique

ip nhrp nhs 10.0.0.1
no ip mroute-cache
delay 1000
cdp enable
tunnel source Serial1/0  <-- has dynamic IP address
tunnel destination 172.17.0.1
tunnel key 100000
tunnel protection ipsec profile vpnprof  <-- for IPsec encryption (optional).

Node2, that has a static IP on interface Serial 2/0 (could be any type of interface):

interface Tunnel0
bandwidth 1000
ip address 10.0.0.1 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
cdp enable
tunnel source Serial2/0  <-- has IP address 172.17.0.1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof <-- for IPsec encryption (optional).

NHRP does the work of informing the Node2 about Node1's dynamic IP address.

You can find out more information about DMVPN at http://www.cisco.com/go/dmvpn

Mike.

Re: Is it possible to build the gre tunnel with dynamic ip on on

Might want to use the same mask on the tunnel interfaces that participate in the same NHRP Network, particularly if there is to be more than 1 spoke, and you desire dynamic spoke-to-spoke tunnels to be negotiated.

Best Regards,

Mike

Cisco Employee

Re: Is it possible to build the gre tunnel with dynamic ip on on

Mike,

You are absolutely correct.  This what happens when you cut and paste and don't carefully look at it.

I was trying to show the use for a basic p-pGRE case in which case, though you have to use an mGRE

tunnel on the hub.

For just a single tunnel/spoke.

interface Tunnel0

ip address 10.0.0.2 255.255.255.252
...
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique

ip nhrp nhs 10.0.0.1
...
tunnel source Serial1/0  <-- has dynamic IP address
tunnel destination 172.17.0.1
...

interface Tunnel0

ip address 10.0.0.1 255.255.255.252
...
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source Serial2/0  <-- has IP address 172.17.0.1
tunnel mode gre multipoint
...

For many tunnels/spokes.

interface Tunnel0

ip address 10.0.0. 255.255.255.0  <-- is different for each spoke
...
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique

ip nhrp nhs 10.0.0.1
...
tunnel source Serial1/0  <-- has dynamic IP address
tunnel destination 172.17.0.1  <--  If you want dynamic spoke-spoke then change to tunnel mode gre-multipoint
...

interface Tunnel0

ip address 10.0.0.1 255.255.255.0
...
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source Serial2/0  <-- has IP address 172.17.0.1
tunnel mode gre multipoint
...

Hope that is a little more clear.

Mike

6979
Views
0
Helpful
4
Replies