We have a 7200 router with the VAM2+ card, and one functional GRE/IPSec DMVPN tunnel. We are trying to create another one since these are in an MPLS environment and cant be shared between customers.
I believe I may have the answer to my problem, but I need verification before proceeding. The new tunnel created appears to be accepting phase 1 & 2, tunnel comes up, and I see inbound packets, no returns. When I do a show crypto ipsec sa peer for the tunnel in question, the crypto map is the other tunnel.
crypto map: Tunnel199-head-0
I should be seeing this
Crypto map tag: Tunnel300-head-0,
First can there be multiple DMVPN tunnels on one core router, and second, if so, does each one require s separate IP address to work?
Current setup, both tunnels use the same public IP. I did find a Cisco Doc Re: DMVPN, and from what I get from it each mGRE tunnel needs its own IP address, and I believe this is where my setup is failing. I will know later tonight when I can add the additional IP's to OSPF. If the remote comes up and routes, then problem solved.
The tunnel source can be the same, however, if you're using crypto, and using the same tunnel source on an mgre interface, you need to use the shared keyword at the end of the tunnel protection command on the tunnel interface. Also, you need specify the interface, and not the IP address.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :