Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Single Hub, Dual DMVPN Cloud

Hello,

is it possible to run two dmvpn clouds on a single hub router?

Regards,

Thomas

4 REPLIES
Cisco Employee

Re: Single Hub, Dual DMVPN Cloud

Hi, Thomas:

Yes you can have 2 mGRE tunnel interfaces on a single DMVPN hub router, although that may increase your risk of having a single point of failure for both DMVPN clouds. I hope this helps.

Thanks,

Wen

New Member

Re: Single Hub, Dual DMVPN Cloud

Hello Wen,

thanks for your reply. thats good news the risk of having a single point of failure is not that important in this case. I am trying to configure three autonomous DMVPN-Networkes (this works fine so fare), all with a dual hub - dual cloud topology. but the customer also requires an dmvpn connection from two of the DMVPN-Networks to the LAN of the third DMVPN-Hubs. I tried to configure this today, but did not get routing information. I will see what i can do tomorrow ...

Regards,

Thomas

New Member

Re: Single Hub, Dual DMVPN Cloud

It is me again.

I tried to configure some thing, the  IPSec-Connections are build up properly but I still dont receive any  routing information. The command "sh ip eigrp neighbours" on Hub A (Location 2) does not show any entries for EIGRP 2. "sh crypto isakmp sa" has two IPSec-VPN-Tunnels to the Hubs A/B (on Location 1).

Hub A (Location 1):

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key test123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile xxx
set transform-set AES-256
!
interface Tunnel1
description *** HS DMVPN Cloud 1 ***
ip address 10.10.10.1 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
no ip split-horizon eigrp 1
no ip next-hop-self eigrp 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile xxx
!
interface Tunnel2
description *** Central DMVPN Cloud 1 ***
ip address 10.10.100.1 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp holdtime 600
no ip split-horizon eigrp 2
no ip next-hop-self eigrp 2
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 10
tunnel protection ipsec profile xxx
!
interface GigabitEthernet0/0
description *** LAN ***
ip address 172.16.1.2 255.255.255.0
duplex auto
speed auto
standby 1 ip 172.16.1.1
standby 1 priority 100
standby 1 preempt
standby 1 track GigabitEthernet0/1
no shut
!
interface GigabitEthernet0/1
description *** OUTSIDE ***
ip address 192.168.1.1 255.255.255.252
duplex auto
speed auto
no shut
!
router eigrp 1
network 10.10.10.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
!
router eigrp 2
network 10.10.100.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!

Hub B (Location 1):

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key test123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile xxx
set transform-set AES-256
!
interface Tunnel1
description *** HS DMVPN Cloud 2 ***
ip address 10.10.11.1 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 600
no ip split-horizon eigrp 1
no ip next-hop-self eigrp 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile xxx
!
interface Tunnel2
description *** Zentralen DMVPN Cloud 2 ***
ip address 10.10.101.1 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 11
ip nhrp holdtime 600
no ip split-horizon eigrp 2
no ip next-hop-self eigrp 2
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 11
tunnel protection ipsec profile xxx
!
interface GigabitEthernet0/0
description *** LAN ***
ip address 172.16.1.3 255.255.255.0
duplex auto
speed auto
standby 1 ip 172.16.1.1
standby 1 priority 80
standby 1 preempt
standby 1 track GigabitEthernet0/1
no shut
!
interface GigabitEthernet0/1
description *** OUTSIDE ***
ip address 192.168.1.5 255.255.255.252
duplex auto
speed auto
no shut
!
router eigrp 1
network 10.10.11.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
!
router eigrp 2
network 10.10.101.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.6
!

Hub A(Location 2):

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key test123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile xxx
set transform-set AES-256
!
interface Tunnel1
description *** CP DMVPN Cloud 1 ***
ip address 10.10.30.1 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 3
ip nhrp holdtime 600
delay 1000
no ip split-horizon eigrp 1
no ip next-hop-self eigrp 1
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 3
tunnel protection ipsec profile xxx
!
interface Tunnel2
description *** Central DMVPN Cloud 1 ***
ip address 10.10.100.10 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map 10.10.100.1 192.168.1.1
ip nhrp map multicast 192.168.1.1
ip nhrp network-id 10
ip nhrp holdtime 600
ip nhrp nhs 10.10.100.1
delay 1000
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 10
tunnel protection ipsec profile xxx shared
!
interface Tunnel3
description *** Central DMVPN Cloud 2 ***
ip address 10.10.101.10 255.255.255.0
ip mtu 1300
ip nhrp authentication cisco
ip nhrp map 10.10.101.1 192.168.1.5
ip nhrp map multicast 192.168.1.5
ip nhrp network-id 11
ip nhrp holdtime 600
ip nhrp nhs 10.10.101.1
delay 1050
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 11
tunnel protection ipsec profile xxx shared
!
interface FastEthernet0/0
description *** LAN ***
ip address 172.18.1.2 255.255.255.0
duplex auto
speed auto
standby 1 ip 172.18.1.1
standby 1 priority 100
standby 1 preempt
standby 1 track FastEthernet0/1
no shut
!
interface FastEthernet0/1
description *** OUTSIDE ***
ip address 192.168.1.17 255.255.255.252
duplex auto
speed auto
no shut
!
router eigrp 1
network 10.10.30.0 0.0.0.255
network 172.18.1.0 0.0.0.255
no auto-summary
!
router eigrp 2
network 10.10.100.0 0.0.0.255
network 10.10.101.0 0.0.0.255
network 172.18.1.0 0.0.0.255
eigrp stub connected
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.18
!

Cisco Employee

Re: Single Hub, Dual DMVPN Cloud

Hi Thomas,

On the routers, if you are using the same ipsec profile for both the tunnel interfaces,  please make sure you have the following confiugration;

 tunnel protection ipsec profile xxx shared

Let me know if this helps,

Cheers

Rudresh V

1727
Views
15
Helpful
4
Replies
CreatePlease to create content