Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Is that possible to put the DMVPN hub behind NAT? (Spoke has a public IP)

I have been trying it for a couple of days and couldn't make it to work. The diagram and configuration is in the attachment.

Show crypto isakmp profile: QM idle on both sides.

Show crypto ipsec profile: NO ipsec profile established on both sides.

Show ip nhrp (on hub side): Nothing is registered at all. Blank.

Any ideas???

Thanks!

Difan

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Is that possible to put the DMVPN hub behind NAT? (Spoke has

As long as the HUB has a static nat translation this should work, try setting your transform set to mode Transport rather than tunnel on both spoke and hub, shut your tunnel on the hub and spoke and then turn it back on, does that make a difference?

4 REPLIES

Re: Is that possible to put the DMVPN hub behind NAT? (Spoke has

As long as the HUB has a static nat translation this should work, try setting your transform set to mode Transport rather than tunnel on both spoke and hub, shut your tunnel on the hub and spoke and then turn it back on, does that make a difference?

New Member

Re: Is that possible to put the DMVPN hub behind NAT? (Spoke has

I will give it a try tomorrow. However if I didn't remember it wrong, tunnel mode is the one which can work with NAT???

Re: Is that possible to put the DMVPN hub behind NAT? (Spoke has

Nope, tunnel mode is encapsulating the whole ip packet into a new packet thefore changing the proxy id's when the traffic comes to the hub the proxy id's will not remain as how it expect them.

New Member

Re: Is that possible to put the DMVPN hub behind NAT? (Spoke has

Thanks man! It worked!

198
Views
0
Helpful
4
Replies
CreatePlease to create content