04-28-2019 11:33 PM
Hello Experts,
I want to configure an IPsec tunnel with a dynamic IP on the remote site.
HQ (HUB)----------Remote Location
Here is my layout:
Info: HUB is using static IP routing for public IP routes, so it's really hard to route an unknown IP!!! (Biggest issue) and I have a default router to our LAN from HQ router.
Thanks in advance.
04-29-2019 12:17 AM
Hello,
have a look at the configuration example below:
CONFIGURING CISCO SITE TO SITE IPSEC VPN WITH DYNAMIC IP ENDPOINT CISCO ROUTERS
04-29-2019 12:36 AM
Thanks for the quick answer.
But my main issue is routing on HQ router!!
How do I route the dynamic IP from HQ routers as I do not have a specific IP!!!
Thanks
04-29-2019 01:00 AM
But my main issue is routing on HQ router!! How do I route the dynamic IP from HQ routers as I do not have a specific IP!!!
What do you mean by routing with the WAN IP address? You can also implement a default route from ISP 2.
04-29-2019 01:23 AM
Sorry for typo.
I am routing the WAN IP address for all 40 locations statically (next hop is ISP and ISP2).
There is one default route available on HQ router and that is towards LAN: 0/0 10.18.2.254
Thanks
04-29-2019 01:12 AM
Hello,
all you need is a default route pointing to the outgoing interface on both the remote site and the HQ site...
ip route 0.0.0.0 0.0.0.0 interface X
04-29-2019 01:20 AM
Thanks again.
Problem is I already have a default route on HQ router towards LAN.
====================
ip route 0.0.0.0 0.0.0.0 10.18.2.254
====================
Thanks
04-29-2019 01:53 AM
Hello,
Is that default route actually needed? Typically, the LAN would be on a directly connected interface...
04-29-2019 02:07 AM
I think we need it.
Please have a look at the topology:
Thanks
04-29-2019 12:48 AM
Hi,
The LAN to remote site route will be done using the tunnel interface IP address, not a public IP address, and the tunnel mode will be point-to-multipoint.
The HQ configuration for a dynamic remote (spoke) IP address will be like:
interface Tunnel0
description mGRE - DMVPN Tunnel
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nhrp authentication firewall
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 1.1.1.1 <Interface WAN Interface IP>
tunnel mode gre multipoint
Spoke Tunnel configuration as:
interface Tunnel0
04-29-2019 01:09 AM
Agree with you.
Here is my config:
Remote:
Int gig0/0/2
desc *** Cradelpoint Router ***
ip address DHCP --> 37.85.167.30
ip mtu 1300
ip access-group internet in
ip tcp adjust-mss 1260
negotiation auto
no shut
!
int Tunnel 599
ip address 10.13.97.99 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication CRALTE
ip nhrp map 10.13.97.4 195.243.205.120
ip nhrp map multicast 195.243.205.120
ip nhrp network-id 99
ip nhrp holdtime 300
ip nhrp nhs 10.13.97.4
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/2
tunnel mode gre multipoint
tunnel key 99
!
ip route 195.243.205.120 255.255.255.255 gig0/0/2 DHCP
---------------------------------------------------------------------------
HQ:
interface Tunnel599
ip address 10.13.97.4 255.255.255.0
no ip redirects
ip nhrp authentication CRALTE
ip nhrp map multicast dynamic
ip nhrp network-id 99
ip nhrp holdtime 300
ip tcp adjust-mss 1360
tunnel source 195.243.205.120
tunnel mode gre multipoint
tunnel key 99
!
ip route <?> 255.255.255.255 195.243.205.99 name LTE_BKP_99
My issue is routing on HQ router! (I am using static IP routing for all other 40 locations)
Thanks