cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1221
Views
5
Helpful
9
Replies

DMVPN with 2 OSPF processes

Ahmed Shaheen
Level 1
Level 1

hello everyone,

i am trying to find a solution to have DMVPN tunnel running between our corporate and our ISP.

however they current running protocol between us and ISP is OSPF process 10, announcing internal LAN and WAN IP addresses.

how can i have anothrer OSPF process that can support the DMVPN Tunneling?

1 Accepted Solution

Accepted Solutions

Hi

I would like to clear one thing that DMVPN is your own cloud  that run over ISP cloud.

Here you are running OSPF with SP for WAN & LAN Connectivity. But when you are going with DMVPN then make sure that you are using ISP for only WAN Connectivity.

For tunnel you need WAN Connectivity and after creating tunnel you can check weather you are able ping point to point ip of those tunnel.

if its working fine then you can run the different ospf process and route only Tunnel IP & LAN IP for that Locaiton & Central HQ.

and in other ospf process that is for ISP should responsible for only you WAN Connectivity i.e. your tunnel Source IP.

Please refer the below config

Central Router

interface fa0

des  **** WAN ***

ip add 1.1.1.1 255.255.255.252

interface loopback 10

des **** LAN Network ****

ip add 10.1.1.1 255.255.255.0

interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.1 255.255.255.0

tunnel source 1.1.1.1

tunnel des 2.2.2.2 255.255.255.252

tunnel mode gre

(Refer DMVPN Configuration)

ospf 10  ---- For ISP

network 1.1.1.1 0.0.0.0.3 area 0

osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 10.0.0.0 0.0.0.255 area 0 ---- LAN Network

Remote Router

interface fa0

des  **** WAN ***

ip add 2.2.2.2 255.255.255.252

interface loopback 10

des **** LAN Network ****

ip add 20.1.1.1 255.255.255.0

interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.2 255.255.255.0

tunnel source 2.2.2.2

tunnel des 1.1.1.1

(Refer DMVPN Configuration)

ospf 10  ---- For ISP

network 2.2.2.0 0.0.0.0.3 area 0

osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 20.0.0.0 0.0.0.255 area 0 ---- LAN Network

Regards

Chetan Kumar

View solution in original post

9 Replies 9

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

Just configure a new OSPF instance with a new Id and add the network statement accordingly:

router ospf 10

...

!

router ospf 11

...

!

HTH

Laurent.

hi laurent,

i've done the same, i've kept process 10 for WAN and 11 for LAN (From Branch and HQ), however from the core router or the branch router i cant reach other end.

i cant see the network on the routing table at all.

Hi,

Since you have two OSPF processes in order for one process to see the other processes' route, you have to redistribute from one to another.

for example:

router ospf 1

redis ospf 2 subnet xxxx

HTH

Reza

Hello Reza,

i've tried the same as well, however if i ended up redistributing the LAN subnet from 2nd OSPF process i am still announcing LAN to SP on 1st OSPF process.

i can see this when i trace route a branch ip from HQ.

Hi,

OSPF 10 should include only Tunnels source addesses and OSPF 11 should run inside the tunnels to advertise LAN subnets only.

1- Do you learn tunnels of branch and HA source addresses correctly via OSPF 10 ?

2- If yes are your IPSec tunnels UP ?

3- If yes are your OSPF session inside the tunnel UP ?

Thanks

Laurent.

Hi Laurent,

When i've created another instance of OSPF Process i am not able to see it running by performing a multiple commands like show ip route ospf 11 nothing shows, however i ensure it has been created by verifing information on show ip ospf interface.

anyways, coming back to your questions please find below

1- since Tunel, WAN and LAN both are announced on OSPF 10 they are properly learnet.

2- IP sec tunnels are active even, but with no use

3- i didnt understand excatlly this point.

thank you

Hi

I would like to clear one thing that DMVPN is your own cloud  that run over ISP cloud.

Here you are running OSPF with SP for WAN & LAN Connectivity. But when you are going with DMVPN then make sure that you are using ISP for only WAN Connectivity.

For tunnel you need WAN Connectivity and after creating tunnel you can check weather you are able ping point to point ip of those tunnel.

if its working fine then you can run the different ospf process and route only Tunnel IP & LAN IP for that Locaiton & Central HQ.

and in other ospf process that is for ISP should responsible for only you WAN Connectivity i.e. your tunnel Source IP.

Please refer the below config

Central Router

interface fa0

des  **** WAN ***

ip add 1.1.1.1 255.255.255.252

interface loopback 10

des **** LAN Network ****

ip add 10.1.1.1 255.255.255.0

interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.1 255.255.255.0

tunnel source 1.1.1.1

tunnel des 2.2.2.2 255.255.255.252

tunnel mode gre

(Refer DMVPN Configuration)

ospf 10  ---- For ISP

network 1.1.1.1 0.0.0.0.3 area 0

osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 10.0.0.0 0.0.0.255 area 0 ---- LAN Network

Remote Router

interface fa0

des  **** WAN ***

ip add 2.2.2.2 255.255.255.252

interface loopback 10

des **** LAN Network ****

ip add 20.1.1.1 255.255.255.0

interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.2 255.255.255.0

tunnel source 2.2.2.2

tunnel des 1.1.1.1

(Refer DMVPN Configuration)

ospf 10  ---- For ISP

network 2.2.2.0 0.0.0.0.3 area 0

osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 20.0.0.0 0.0.0.255 area 0 ---- LAN Network

Regards

Chetan Kumar

Hi Kumar,

thank you for the detailed response, however i have two questions

1- how will traffic be routed through WAN?

2- why is LAN configured on loopback not fastethernet?

thanks

Hi

1- how will traffic be routed through WAN?

----- Between CE & PE you are running Ospf & Your Tunnel Will use that one as a source to communicate other side of Tunnel network.

For DMVPN you requried that All router should reach each other & that is possible via ISP ( As you can using OSPF with ISP)

2- why is LAN configured on loopback not fastethernet\

----- It was just an example to show that how you need to advertise the network. In Production you can configure LAN on physical interface.

Regards

Chetan kumar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco