DMVPN Hub With Dual WAN

robardill
Level 1

Hi,

Our primary link was being saturated and a second ADSL HWIC was installed into the 1841 to host the DMVPN Hub on a dedicated ADSL circuit.

Dialer0 is the default gateway for general internet traffic and Dialer1 hosts the DMVPN Hub.

The problem I'm trying to solve is how to get the mGRE Tunnel to use Dialer1 without having to install manual routes to the spokes, some of which are on dynamic IPs.

I've tried local PBR without any success.

The information I have read here and in other places suggests using VRF-Lite, but I'm not sure how to adjust the config. I'm hoping someone might be able to shine some light on how to achieve this.

The below config is working, with the exception of needing the static routes.

With the static routes removed the spokes still register NHRP, but it's not possible to ping the spoke end of the tunnels, nor does EIGRP propagate routes.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1841
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
logging rate-limit 20
enable secret xxxx
enable password xxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network PPTP local
!
!
aaa session-id common
dot11 syslog
no ip source-route
no ip icmp rate-limit unreachable DF
!
!
ip cef
!
multilink bundle-name authenticated
!
vpdn enable
!
!
username xxxxx privilege 15 password xxxxxx
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set STRONG esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile CISCO
 set security-association lifetime seconds 120
 set transform-set STRONG
!
!
!
!
ip tcp path-mtu-discovery
ip ssh source-interface FastEthernet0/0
!
!
!
interface Tunnel0
 ip address 192.168.100.1 255.255.255.0
 no ip redirects
 ip mtu 1380
 no ip next-hop-self eigrp 90
 ip nhrp authentication xxxxxx
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ip tcp adjust-mss 1340
 no ip split-horizon eigrp 90
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 0
 tunnel route-via Dialer1 mandatory
 tunnel path-mtu-discovery
 tunnel protection ipsec profile CISCO
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.5.1 255.255.255.0
 ip nbar protocol-discovery
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 no ip mroute-cache
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode adsl2+
 hold-queue 224 in
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 2
 !
interface Dialer0
 description ADSL2+ (a.a.a.a)
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname xxxxx
 ppp chap password xxxxx
!
interface Dialer1
 description ADSL2+ (b.b.b.b)
 ip address negotiated
 ip mtu 1492
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp chap hostname xxxx
 ppp chap password xxxxx
!
router eigrp 90
 redistribute static
 network 192.168.5.0
 network 192.168.100.0
 no auto-summary
!
ip local policy route-map local
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!static routes to spokes
ip route c.c.c.c 255.255.255.255 Dialer1
ip route d.d.d.d 255.255.255.255 Dialer1
ip route e.e.e.e 255.255.255.255 Dialer1
ip route f.f.f.f 255.255.255.255 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 100 remark IPs To NAT
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 198 permit ip host b.b.b.b any
access-list 199 permit ip host a.a.a.a any
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 100
 match interface Dialer0
!
route-map local permit 10
 match ip address 198
 set interface Dialer1
route-map local permit 20
 match ip address 199
 set interface Dialer0
!
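
A sketch of the VRF-Lite (front-door VRF) approach the post mentions, applied to the hub config above; this is an added example, not part of the original post or any reply. The VRF name DMVPN-WAN, the keyring name DMVPN-KEYS and the rd value 65000:1 are assumptions chosen for illustration, and the redacted values are kept as posted.

```cisco
! Added example (assumed names: DMVPN-WAN, DMVPN-KEYS; assumed rd 65000:1).
! Idea: put only the DMVPN transport (Dialer1) in its own routing table with
! its own default route, so encrypted GRE always leaves via Dialer1 while the
! global table keeps its default route via Dialer0.
!
ip vrf DMVPN-WAN
 rd 65000:1
!
! The global "crypto isakmp key" only matches peers reached through the global
! table, so the wildcard pre-shared key moves into a VRF-aware keyring.
no crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0
crypto keyring DMVPN-KEYS vrf DMVPN-WAN
 pre-shared-key address 0.0.0.0 0.0.0.0 key xxxxx
!
interface Dialer1
 ! "ip vrf forwarding" clears the interface IP configuration, so the
 ! address command is entered again after it.
 ip vrf forwarding DMVPN-WAN
 ip address negotiated
!
interface Tunnel0
 ! Tunnel0 itself stays in the global table (LAN and EIGRP 90 are unchanged);
 ! only the lookup for the outer GRE/IPsec packets uses the VRF.
 no tunnel route-via Dialer1 mandatory
 tunnel source Dialer1
 tunnel vrf DMVPN-WAN
!
! Default route for the transport VRF replaces the per-spoke host routes.
ip route vrf DMVPN-WAN 0.0.0.0 0.0.0.0 Dialer1
no ip route c.c.c.c 255.255.255.255 Dialer1
no ip route d.d.d.d 255.255.255.255 Dialer1
no ip route e.e.e.e 255.255.255.255 Dialer1
no ip route f.f.f.f 255.255.255.255 Dialer1
!
! Local policy routing is no longer needed to steer traffic to Dialer1.
no ip local policy route-map local
```

Checks after applying would use the VRF-aware forms of the show commands, for example `show ip route vrf DMVPN-WAN` for the transport default route and `show crypto isakmp sa` for the spoke sessions.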