06-06-2010 09:11 AM - edited 03-04-2019 08:41 AM
hello everyone,
i am trying to find a solution to have DMVPN tunnel running between our corporate and our ISP.
however they current running protocol between us and ISP is OSPF process 10, announcing internal LAN and WAN IP addresses.
how can i have anothrer OSPF process that can support the DMVPN Tunneling?
Solved! Go to Solution.
06-07-2010 07:08 AM
Hi
I would like to clear one thing that DMVPN is your own cloud that run over ISP cloud.
Here you are running OSPF with SP for WAN & LAN Connectivity. But when you are going with DMVPN then make sure that you are using ISP for only WAN Connectivity.
For tunnel you need WAN Connectivity and after creating tunnel you can check weather you are able ping point to point ip of those tunnel.
if its working fine then you can run the different ospf process and route only Tunnel IP & LAN IP for that Locaiton & Central HQ.
and in other ospf process that is for ISP should responsible for only you WAN Connectivity i.e. your tunnel Source IP.
Please refer the below config
Central Router
interface fa0
des **** WAN ***
ip add 1.1.1.1 255.255.255.252
interface loopback 10
des **** LAN Network ****
ip add 10.1.1.1 255.255.255.0
interface tunnel 10
des *** DMVPN ***
ip add 192.168.1.1 255.255.255.0
tunnel source 1.1.1.1
tunnel des 2.2.2.2 255.255.255.252
tunnel mode gre
(Refer DMVPN Configuration)
ospf 10 ---- For ISP
network 1.1.1.1 0.0.0.0.3 area 0
osp 20 --- For DMVPN
network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network
network 10.0.0.0 0.0.0.255 area 0 ---- LAN Network
Remote Router
interface fa0
des **** WAN ***
ip add 2.2.2.2 255.255.255.252
interface loopback 10
des **** LAN Network ****
ip add 20.1.1.1 255.255.255.0
interface tunnel 10
des *** DMVPN ***
ip add 192.168.1.2 255.255.255.0
tunnel source 2.2.2.2
tunnel des 1.1.1.1
(Refer DMVPN Configuration)
ospf 10 ---- For ISP
network 2.2.2.0 0.0.0.0.3 area 0
osp 20 --- For DMVPN
network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network
network 20.0.0.0 0.0.0.255 area 0 ---- LAN Network
Regards
Chetan Kumar
06-06-2010 09:47 AM
Hi,
Just configure a new OSPF instance with a new Id and add the network statement accordingly:
router ospf 10
...
!
router ospf 11
...
!
HTH
Laurent.
06-06-2010 09:54 AM
hi laurent,
i've done the same, i've kept process 10 for WAN and 11 for LAN (From Branch and HQ), however from the core router or the branch router i cant reach other end.
i cant see the network on the routing table at all.
06-06-2010 11:48 AM
Hi,
Since you have two OSPF processes in order for one process to see the other processes' route, you have to redistribute from one to another.
for example:
router ospf 1
redis ospf 2 subnet xxxx
HTH
Reza
06-07-2010 12:21 PM
Hello Reza,
i've tried the same as well, however if i ended up redistributing the LAN subnet from 2nd OSPF process i am still announcing LAN to SP on 1st OSPF process.
i can see this when i trace route a branch ip from HQ.
06-07-2010 06:30 AM
Hi,
OSPF 10 should include only Tunnels source addesses and OSPF 11 should run inside the tunnels to advertise LAN subnets only.
1- Do you learn tunnels of branch and HA source addresses correctly via OSPF 10 ?
2- If yes are your IPSec tunnels UP ?
3- If yes are your OSPF session inside the tunnel UP ?
Thanks
Laurent.
06-07-2010 12:33 PM
Hi Laurent,
When i've created another instance of OSPF Process i am not able to see it running by performing a multiple commands like show ip route ospf 11 nothing shows, however i ensure it has been created by verifing information on show ip ospf interface.
anyways, coming back to your questions please find below
1- since Tunel, WAN and LAN both are announced on OSPF 10 they are properly learnet.
2- IP sec tunnels are active even, but with no use
3- i didnt understand excatlly this point.
thank you
06-07-2010 07:08 AM
Hi
I would like to clear one thing that DMVPN is your own cloud that run over ISP cloud.
Here you are running OSPF with SP for WAN & LAN Connectivity. But when you are going with DMVPN then make sure that you are using ISP for only WAN Connectivity.
For tunnel you need WAN Connectivity and after creating tunnel you can check weather you are able ping point to point ip of those tunnel.
if its working fine then you can run the different ospf process and route only Tunnel IP & LAN IP for that Locaiton & Central HQ.
and in other ospf process that is for ISP should responsible for only you WAN Connectivity i.e. your tunnel Source IP.
Please refer the below config
Central Router
interface fa0
des **** WAN ***
ip add 1.1.1.1 255.255.255.252
interface loopback 10
des **** LAN Network ****
ip add 10.1.1.1 255.255.255.0
interface tunnel 10
des *** DMVPN ***
ip add 192.168.1.1 255.255.255.0
tunnel source 1.1.1.1
tunnel des 2.2.2.2 255.255.255.252
tunnel mode gre
(Refer DMVPN Configuration)
ospf 10 ---- For ISP
network 1.1.1.1 0.0.0.0.3 area 0
osp 20 --- For DMVPN
network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network
network 10.0.0.0 0.0.0.255 area 0 ---- LAN Network
Remote Router
interface fa0
des **** WAN ***
ip add 2.2.2.2 255.255.255.252
interface loopback 10
des **** LAN Network ****
ip add 20.1.1.1 255.255.255.0
interface tunnel 10
des *** DMVPN ***
ip add 192.168.1.2 255.255.255.0
tunnel source 2.2.2.2
tunnel des 1.1.1.1
(Refer DMVPN Configuration)
ospf 10 ---- For ISP
network 2.2.2.0 0.0.0.0.3 area 0
osp 20 --- For DMVPN
network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network
network 20.0.0.0 0.0.0.255 area 0 ---- LAN Network
Regards
Chetan Kumar
06-07-2010 12:36 PM
Hi Kumar,
thank you for the detailed response, however i have two questions
1- how will traffic be routed through WAN?
2- why is LAN configured on loopback not fastethernet?
thanks
06-08-2010 05:26 AM
Hi
1- how will traffic be routed through WAN?
----- Between CE & PE you are running Ospf & Your Tunnel Will use that one as a source to communicate other side of Tunnel network.
For DMVPN you requried that All router should reach each other & that is possible via ISP ( As you can using OSPF with ISP)
2- why is LAN configured on loopback not fastethernet\
----- It was just an example to show that how you need to advertise the network. In Production you can configure LAN on physical interface.
Regards
Chetan kumar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: