Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
0
Helpful
2
Replies

Distribute VPN client route in DMVPN - EIGRP

Go to solution
mickd08
Level 1
Level 1

‎08-30-2018 12:39 AM

Hello,

I want to advertise a VPN client route to DMVPN spoke sites.

VPN clients connect to the DMVPN hub which has EIGRP setup as follows;

 

router eigrp 10
maximum-paths 1
network 10.1.1.1 0.0.0.0 (tunnel1)
network 10.2.1.1 0.0.0.0 (tunnel2)
network 192.168.1.0 (local lan)
network 192.168.10.0 (vpn client pool)

network 1.1.1.1 0.0.0.0 (loopback)

 

In this configuration, the 192.168.10 route does not get advertised via EIGRP.

When a VPN client connects, it can route to all the DMVPN hub interfaces but not to the spokes.

 

If I add the "redistribute static" command, the route is then advertised as an external route to all the spokes and all works as desired.

 

Is there any potential issues with advertising the route in this manner?

 

Cheers 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎08-30-2018 01:12 AM

Hello,

 

as far as I recall, this is by design. The DMVPN hub creates static host routes for your VPN clients, however there is no real interface with an IP address from your VPN client pool (192.168.10.0/24 in your case) existing on your hub, so EIGRP cannot advertise any interface from this range...

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Georg Pauwen
VIP
VIP

‎08-30-2018 01:12 AM

Hello,

 

as far as I recall, this is by design. The DMVPN hub creates static host routes for your VPN clients, however there is no real interface with an IP address from your VPN client pool (192.168.10.0/24 in your case) existing on your hub, so EIGRP cannot advertise any interface from this range...

0 Helpful

Go to solution
mickd08
Level 1
Level 1
In response to Georg Pauwen

‎09-06-2018 12:42 AM

Thanks for your reply.

For anyone else who comes across this, I used a "redistribute static" with "route map" in the final config in order to suppress the default route from being redistributed from the DMVPN hub - this was causing a "looped chain attempting to stack" error between the two DMVPN tunnels.

 

router eigrp 10
maximum-paths 1
network 10.1.1.1 0.0.0.0 (tunnel1)
network 10.2.1.1 0.0.0.0 (tunnel2)
network 192.168.1.0 (local lan)
network 1.1.1.1 0.0.0.0 (loopback)

redistribute static metric 100 10000 255 1 1500 route-map DISTRIBUTED-EXTERNAL-ROUTE
!
!
ip prefix-list DISTRIBUTED-EXTERNAL-ROUTES-LIST seq 10 permit 192.168.10.0/24 ge 32

route-map DISTRIBUTED-EXTERNAL-ROUTE permit 10
match ip address prefix-list DISTRIBUTED-EXTERNAL-ROUTES-LIST
route-map DISTRIBUTED-EXTERNAL-ROUTE deny 100

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card