Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1294
Views
5
Helpful
2
Replies

Change tunnel IP address DMVPN

mpozorski
Level 1
Level 1

‎11-12-2009 10:33 AM - edited ‎03-04-2019 06:41 AM

I need to change the tunnel IP address for all of our remote sites that connect via DMVPN. I'm trying to figure the best way to accomplish this while causing the lease impact on users. My theory is that I could create new tunnel interfaces using the new IP address for the tunnel, then simply remove the old tunnel interface. I'm not sure if I can have two tunnels that have the same IP address in the 'ip nhrp map' and 'ip nhrp multicast' lines on the configuration. For example, here is a current spoke's configuration:

interface Tunnel0

description ### DMVPN ###

bandwidth 1152

ip address 10.9.200.201 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication AUTH-METH1

ip nhrp map 10.9.200.1 PUB.LIC.IP.132

ip nhrp map multicast PUB.LIC.IP.132

ip nhrp map 10.9.200.2 PUB.LIC.IP.25

ip nhrp map multicast PUB.LIC.IP.25

ip nhrp network-id 1

ip nhrp nhs 10.9.200.1

ip nhrp nhs 10.9.200.2

ip nhrp server-only

ip tcp adjust-mss 1300

tunnel source FastEthernet0/1

tunnel mode gre multipoint

tunnel protection ipsec profile DMVPN

!

I would like to keep the above configuration and add the following tunnel:

interface Tunnel1

description ### DMVPN ###

bandwidth 1152

ip address 10.100.100.201 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication AUTH-METH1

ip nhrp map 10.100.100.1 PUB.LIC.IP.132

ip nhrp map multicast PUB.LIC.IP.132

ip nhrp map 10.100.100.2 PUB.LIC.IP.25

ip nhrp map multicast PUB.LIC.IP.25

ip nhrp network-id 1

ip nhrp nhs 10.100.100.1

ip nhrp nhs 10.100.100.2

ip nhrp server-only

ip tcp adjust-mss 1300

tunnel source FastEthernet0/1

tunnel mode gre multipoint

tunnel protection ipsec profile DMVPN

!

Does anybody know if that is possible or will that cause issues with the existing tunnels? Any assistance would be greatly appreciated.

Labels:
0 Helpful
2 Replies 2

trfinkenstadt
Level 1
Level 1

‎11-12-2009 11:36 AM

you would need to add the keyword shared to your tunnel protection line for this to work:

tunnel protection ipsec profile DMVPN shared

Since you have two devices you might consider migrating one to your new IP address then the other to make this doable.

--tim

mpozorski
Level 1
Level 1
In response to trfinkenstadt

‎11-12-2009 12:08 PM

Thanks Tim, I appreciate it. Could you elaborate on what you mean to migrate one then the other? I don't see how I can migrate them without taking the tunnel down.

0 Helpful
Customers Also Viewed These Support Documents