DMVPN design. Spokes will all be static

insccisco · ‎09-03-2009

Hi Guys,

I have a setup where I have a spoke router and 4 clients. The clients will grow and the configuration that we currently have seems to not be able to scale well.

For every new client we add, we have to make a new static crypto map, new tunnel interface and add the new client network to the access lists.

There is a very good book that I am following, The Complete Cisco VPN Configuration Guide. There is a pretty good example on this book, however it assumes that the spokes will be behind dynamic ISPs and that they will need to talk to each other.

In this setup, the spokes are all static and wont need to talk to each. What is the best approach for this?

thanks

Giuseppe Larosa · ‎09-03-2009

Hello Angel,

DMVPN can be deployed with or without spoke to spoke direct communication.

But I recommend to deploy a routing protocol to make it really auto-adaptive.

You can use EIGRP that will give you with default settings no spoke to spoke dynamic tunnel.

see

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html

Hope to help

Giuseppe

insccisco · ‎09-04-2009

Giuseppe,

that is a great link... actually very sexy link. I am currently reading it and it is just great.. lots of info. Im not on the examples part yet, but once I get there, I will start coding.

The environment I have is a bit messy, but I will fix it using the DMVPN concept.

Question though, if I change the isakmp crypto on the headend server to IPSec profiles, would I have to do the same on the branch devices?