DMVPN and EIGRP

MrBeginner · ‎08-30-2019

Dear All,

I would like to ask about network design.

I would like to run DMVPN . I am using eigrp to carry my LAN network.

But i am confuse in below design diagram. I can carry 10.1.2.0/24 with eigrp. But i don't know how to carry 10.2.22.0/24 and 10.1.4.0/24. I don't want to carry 10.1.4.0/24. Some body suggest to use EIGRP STUB.

What kind of protocol do i need to use to carry network.Let me know any security issue if i use eigrp ?

user1024 · ‎08-30-2019

Are those Cisco ASA firewalls? If so then you can also run EIGRP on them in order for your hub router to learn the other prefixes. If it's not Cisco then you can utilize another routing protocol such as OSPF and do mutual redistribution on the hub depending on your requirements. Otherwise, you can use static routes on the hub and redistribute those into EIGRP. Any of these options will allow the spoke to dynamically learn the networks behind the firewalls.

If you are worried about security then whichever routing protocol you decide to use you can configure authenticated routing.

MrBeginner · ‎09-02-2019

Hi,

I am using third party FW. I aslo want to use static route.Let me know any recommend ?

I also want to run Dual Home DMVPN , Iet me know can i design as below diagram ?

I want to run HSRP and i want to use 2 switch ? Let me know what kind of inter-connectivity do i need

between HUB 1 and HUB 2 ?

Last time i run inter vlan routing in HUB 1 before i run Dual home and HSRP..It is connect to SW and IP is 10.1.1.0/24. so let me know can i still use inter vlan routing ? Or Should i directly connect to Router or should i move to behind FW and remove inter vlan routing ? Let me know What is the best practice ?

Georg Pauwen · ‎09-02-2019

Hello,

what are the exact devices you are using, and how are you planning to interconnect them for redundancy ? HSRP is used for LAN, not WAN redundancy.

Have a look at the links below for sample configs:

https://www.grandmetric.com/knowledge-base/design_and_configure/dmvpn-phase-3-single-hub-ospf-spoke-example/

https://juantron.wixsite.com/my-networking-online/dmvpn-dual-hub-ospf

MrBeginner · ‎09-03-2019

Hi ,

Sorry for my question .My firewall is paloalto firewall.

i am using eigrp for each site.I have plan to static route for behind firewall. I cannot runt additional routing protocol for some network because those are not under my control.So i can run static route only.

So i would like to know can i use HSRP for LAN with inter vlan routing together and EIGRP also ?

Georg Pauwen · ‎09-03-2019

Hello,

I cannot tell from the topology drawing you posted where the redundant HSRP devices are located, behind, or in front of, the firewalls ? And you also have redundant firewalls ? For HSRP, you need two Layer 3 devices on the LAN side.

We need to know what devices are placed exactly where before we can provide answers that make sense...

MrBeginner · ‎09-03-2019

Hi ,

I want to run as below diagram.I want to run HSRP on my HUB1 router and HUB2.I also run daulhome DMVPN with eigrp to carry internet work and i want to run static route for 10.1.3.0/24,10.1.4.0/24, 10.3.1.0/24 and 10.2.22.0/24.I also want to advertise some the static route network to other branches.This is the reason how can solve ?

Sorry my bad technical skill.

Ron Reid · ‎09-03-2019

You can do this by redistributing static with a route-map and access list.

eg:

ip access-list standard STATIC->EIGRP

permit 10.2.22.0 0.0.0.255

permit 10.1.4.0 0.0.0.255

route-map STATIC->EIGRP permit 10
match ip address STATIC->EIGRP

ip eigrp 555

redistribute static route-map STATIC->EIGRP

network 10.1.2.0 0.0.0.255

This should selectively redistribute just the subnets in the access-list

Ron Reid · ‎09-03-2019

correction in my example,

for "ip eigrp 555" read "router eigrp 555"