02-17-2008 05:03 PM - edited 03-09-2019 08:07 PM
I am exploring the idea of DMVPN. Currently I have about 15 sites on Cisco 2811 ISR routers connected to an ASA at the HQ on an IPSEC vpn. This number is expect grow to over 30. I'd like to incorporate a fully meshed vpn terminated back to a Cisco 3825 that is behind the ASA for branch to HQ traffic. Any docs or suggestions concerning this would be appreciated.
02-17-2008 05:39 PM
My experience with DMVPN has been smooth - I migrated connections from VPN 3K Concentrator to a 3825. Setup a single hub with multiple spokes. EIGRP neighbor connections up and running⦠I used DMVPN as a backup link - so each spoke has two links back to the main office. Once you have the hub setup and a single spoke - easy to roll out other sites. The guides offer step by step and great examples.
http://www.cisco.com/en/US/products/ps6658/products_ios_protocol_option_home.html
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftgreips.html
Take a look at this link - new PDF http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6658/DMVPN_Overview.pdf
02-17-2008 06:12 PM
Thanks for your reply. Are there any important considerations that need to be considered on the Ciscs ASA since the traffic will flow through that before terminating on the 3825?
02-17-2008 08:27 PM
You need to do some additional research - firewall config should have a rule to the 3825 allowing udp eq 500, esp, ahp, etc...
check out http://www.cisco.com/warp/public/707/dmvpn-gre-ospf.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide