Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
402
Views
0
Helpful
2
Replies

DMVPN design issue.

jerrytozhang
Level 1
Level 1

‎01-29-2008 06:24 AM - edited ‎03-09-2019 07:59 PM

Hi,All:

I designed a global DMVPN architecture, and created two multipoint GRE tunnel interfaces on hub with the same tunnel source interface (a GigaEthernet port connected to Internet), and allow our asia branches vpn tunnels terminated on one tunnel interface of hub, and allow our europe branches vpn tunnels terminated on another tunnel interface of hub.

We're using wildcard preshared keys for (ISAKMP) authentication.

Currently, Europe branches are firstly turnned up successfully, but when we tried to bring up Asia branches, none of them works.

Any idea for this ?

Thanks,

Jerry

Labels:
0 Helpful
2 Replies 2

b.schlegel
Level 1
Level 1

‎01-31-2008 08:29 AM

Jerry I had a similar issue, on the hub tunnel interefaces, the routers with two tunnels do you have "shared applied" for example...tunnel protection ipsec profile multi shared

0 Helpful

jerrytozhang
Level 1
Level 1
In response to b.schlegel

‎01-31-2008 01:53 PM

Thanks for your reply, really appreciated!

But unfortunately we're in different case, in your case, you use profile shared on two tunnels of SPOKE router, but I'm talking about the two tunnels on HUB router shared by spoke routers.

The good news is I alreay fixed my issue.

Just put a secondary IP address on the interface(facing outside) of your DMVPN Hub router, and let Europe spoke routers point to one ip address on Hub router, and let Asia spoke routers point to another ip address on Hub router, and it works right away!!!

Thanks,

Jerry.

0 Helpful
Customers Also Viewed These Support Documents