Point to multipoint VPN in 1841 router

iqbalkhan · ‎06-17-2006

Hi

I have one Head office and 5 branch.

In HO and banches have connected router.

Now I want all branches connected to ho via VPN. so i need creat 5 tunnel.

HO---Branches ( 5 tunnel)

As HO router have one connection port and before time i successful creat VPN by subinterface but many reason it is not continue.

So I want VPN tunnel with loopback concept where all branch and ho connect by loopback and tunnel concept.

I need help of all who are create VPN with loopback tunnel for point to mulipoint coneection.

pls help any sample configuration which help of me.

Thanks

Biplob

a.hajhamad · ‎06-18-2006

You can do that with Dynamic multipoint VPN, the HO router will the Hub and the branches will be the spokes. Permenant IPSec tunnels will be from each spoke to the HUB (HO router) and on demand dynamic tunnel between the spokes. But why you need to use loopback interfaces?

Thanks

Abd Alqader

iqbalkhan · ‎06-18-2006

HI

I have no clear concept about dynamic multipoint VPN.

can u give me a configuration about this ?.

----

I explain u now why i am use loopback interface.

My HO router have one interface connected and when i create VPN tunnel with 5 branch then need to 5 interface for crypto map bind.

i can do it by subinterface in HO router and another way to create GRE tunnel;

under the example:

=============================================

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key ibhbvpn address 10.10.10.7

crypto isakmp key ibhbvpn address 10.10.10.8

crypto ipsec transform-set ibbl-all esp-des esp-md5-hmac

crypto map dc-br local-address Loopback0

crypto map dc-br 151 ipsec-isakmp

description *** DC to Gulshan ***

set peer 10.10.10.7

set transform-set ibbl-all

match address 151

crypto map dc-br 105 ipsec-isakmp

description *** DC to Rajshahi ***

set peer 10.10.10.130

set transform-set ibbl-all

match address 105

interface Tunnel151

description *** Tunnel to Gulshan ***

ip address 192.168.20.13 255.255.255.252

load-interval 30

keepalive 5 4

tunnel source Loopback0

tunnel destination 10.10.10.7

crypto map dc-br

interface Tunnel105

description *** Tunnel to Rajshahi ***

ip address 192.168.21.5 255.255.255.252

load-interval 30

keepalive 5 4

tunnel source Loopback0

tunnel destination 10.10.10.130

crypto map dc-br

interface Loopback0

ip address 10.10.10.1 255.255.255.255

crypto map dc-br

======================for subinterface

interface FastEthernet1/0

no ip address

duplex auto

speed auto

!

interface FastEthernet1/0.1

encapsulation dot1Q 100

ip address 192.168.5.1 255.255.255.252

crypto map dc-ho

!

interface FastEthernet1/0.2

encapsulation dot1Q 101

ip address 192.168.5.5 255.255.255.252

crypto map dc-loc

============================

I think I understand you about view of mine.

Thanks

Biplob

a.hajhamad · ‎06-19-2006

Hi,

You will have one tunnel interface at the HUB router.

The following document will help you understanding the DMVPN.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

Plz. rate if it does!

Abd Alqader

iqbalkhan · ‎06-20-2006

Hi

Thanks for useful link.

Thanks biplob