Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco Employee

Multiple DMVPN Instances on Same WAN Interface

Hi Folks,

Is it possible to run Multiple DMVPN Instances on a single WAN Interface ? Can we for example configure 3 Tunnels on a Router using one same WAN Interface but running separate EIGRP Instances for each Tunnel ? Kindly let me know , Alioune

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

Multiple DMVPN Instances on Same WAN Interface

Hi Alioune,

Yes you can create DMVPN as you said with one WAN interface that is possible..... you can have multiple tunnel interfaces pointed to a WAN interface as the source interface which resides in public zone..... with different public ip's as the destination tunnel...

interface Tunnel1

description ** A-VPN Tunnel **

bandwidth 100000

ip vrf forwarding red

ip address 10.0.252.2 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1500

load-interval 60

tunnel source GigabitEthernet0/0 (WAN Interface)

tunnel destination  1.1.1.1

tunnel protection ipsec profile dmvpn

!

interface Tunnel1

description ** B-VPN Tunnel **

bandwidth 100000

ip vrf forwarding red

ip address 10.0.252.5 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1500

load-interval 60

tunnel source GigabitEthernet0/0 (WAN Interface)

tunnel destination  2.1.1.1

tunnel protection ipsec profile dmvpn

!

like the above..... shown sample...

Please rate if the given information helps!!!

2 REPLIES

Multiple DMVPN Instances on Same WAN Interface

Hi Alioune,

Yes you can create DMVPN as you said with one WAN interface that is possible..... you can have multiple tunnel interfaces pointed to a WAN interface as the source interface which resides in public zone..... with different public ip's as the destination tunnel...

interface Tunnel1

description ** A-VPN Tunnel **

bandwidth 100000

ip vrf forwarding red

ip address 10.0.252.2 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1500

load-interval 60

tunnel source GigabitEthernet0/0 (WAN Interface)

tunnel destination  1.1.1.1

tunnel protection ipsec profile dmvpn

!

interface Tunnel1

description ** B-VPN Tunnel **

bandwidth 100000

ip vrf forwarding red

ip address 10.0.252.5 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1500

load-interval 60

tunnel source GigabitEthernet0/0 (WAN Interface)

tunnel destination  2.1.1.1

tunnel protection ipsec profile dmvpn

!

like the above..... shown sample...

Please rate if the given information helps!!!

VIP Purple

Re: Multiple DMVPN Instances on Same WAN Interface

Additionally to the VRF-solution there is a slightly easier solution:

You can have multiple DMVPN-tunnels between the same peers if you configure your tunnels with different tunnel-keys (which have to match with the remote side) and you add the parameter "shared" to your tunnel protection command:

int tunnel 1

...

tunnel key 11111

...

tunnel protection ipsec profile TUNNEL-PROFILE shared

!

int tunnel 2

...

tunnel key 22222

...

tunnel protection ipsec profile TUNNEL-PROFILE shared

Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
1335
Views
4
Helpful
2
Replies
CreatePlease to create content