Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple DMVPN tunnels on one router

We have a 7200 router with the VAM2+ card, and one functional GRE/IPSec DMVPN tunnel. We are trying to create another one since these are in an MPLS environment and cant be shared between customers.

I believe I may have the answer to my problem, but I need verification before proceeding. The new tunnel created appears to be accepting phase 1 & 2, tunnel comes up, and I see inbound packets, no returns. When I do a show crypto ipsec sa peer for the tunnel in question, the crypto map is the other tunnel.

crypto map: Tunnel199-head-0

I should be seeing this

interface: Tunnel300

Crypto map tag: Tunnel300-head-0,

First can there be multiple DMVPN tunnels on one core router, and second, if so, does each one require s separate IP address to work?

5 REPLIES
Cisco Employee

Re: Multiple DMVPN tunnels on one router

You can have multiple tunnels, but I am not sure I understand what you mean by does "one require a separate IP address to work?"

Can you explain that in a little more detail?

New Member

Re: Multiple DMVPN tunnels on one router

Tunnel 199 is reached via 192.168.100.1

tunnel 300 is reached via 192.168.100.1

Current setup, both tunnels use the same public IP. I did find a Cisco Doc Re: DMVPN, and from what I get from it each mGRE tunnel needs its own IP address, and I believe this is where my setup is failing. I will know later tonight when I can add the additional IP's to OSPF. If the remote comes up and routes, then problem solved.

New Member

Re: Multiple DMVPN tunnels on one router

I believe I found my answer in this sample config from the DMVPN design guide

Interface Tunnel0

description Tunnel0

bandwidth 100000

ip address 10.56.0.1 255.255.252.0

tunnel source 192.168.161.1

tunnel mode gre multipoint

!

interface Tunnel1

description Tunnel1

bandwidth 100000

ip address 10.56.16.1 255.255.252.0

tunnel source 192.168.181.1

Tunnel source addresses use a unique IP.

Cisco Employee

Re: Multiple DMVPN tunnels on one router

Ah, so you were talking about the tunnel source.

The tunnel source can be the same, however, if you're using crypto, and using the same tunnel source on an mgre interface, you need to use the shared keyword at the end of the tunnel protection command on the tunnel interface. Also, you need specify the interface, and not the IP address.

Let me know if that works.

Here is a document that talks about it:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/share_ipsec_w_tun_protect.html

New Member

Re: Multiple DMVPN tunnels on one router

I got it working last night with a new IP as the tunnel source. Its working as designed now.

1992
Views
0
Helpful
5
Replies
CreatePlease to create content