Our primary link was being saturated and a second ADSL HWIC was installed into the 1841 to host the DMVPN Hub on a dedicated ADSL circuit.
Dialer0 is the default gateway for general internet traffic and Dialer1 hosts the DMVPN Hub.
The problem I'm trying to solve is how to get the mGRE Tunnel to use Dialer1 without having to install manual routes to the spokes, some of which are on dynamic IPs.
I've tried local PBR without any success.
The information I have read here and in other places suggests using VRF-Lite, but I'm not sure how to adjust the config. I'm hoping someone might be able to shine some light on how to achieve this.
The below config is working, with the exception of needing the static routes.
With the static routes removed the spokes still register NHRP, but it's not possible to ping the spoke end of the tunnels, nor does EIGRP propagate routes.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1841
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
logging rate-limit 20
enable secret xxxx
enable password xxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network PPTP local
!
!
aaa session-id common
dot11 syslog
no ip source-route
no ip icmp rate-limit unreachable DF
!
!
ip cef
!
multilink bundle-name authenticated
!
vpdn enable
!
!
username xxxxx privilege 15 password xxxxxx
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set STRONG esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile CISCO
set security-association lifetime seconds 120
set transform-set STRONG
!
!
!
!
ip tcp path-mtu-discovery
ip ssh source-interface FastEthernet0/0
!
!
!
interface Tunnel0
ip address 192.168.100.1 255.255.255.0
no ip redirects
ip mtu 1380
no ip next-hop-self eigrp 90
ip nhrp authentication xxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 300
ip tcp adjust-mss 1340
no ip split-horizon eigrp 90
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 0
tunnel route-via Dialer1 mandatory
tunnel path-mtu-discovery
tunnel protection ipsec profile CISCO
!
interface FastEthernet0/0
description LAN
ip address 192.168.5.1 255.255.255.0
ip nbar protocol-discovery
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
no ip mroute-cache
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
hold-queue 224 in
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode adsl2+
hold-queue 224 in
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 2
!
interface Dialer0
description ADSL2+ (a.a.a.a)
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname xxxxx
ppp chap password xxxxx
!
interface Dialer1
description ADSL2+ (b.b.b.b)
ip address negotiated
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp chap hostname xxxx
ppp chap password xxxxx
!
router eigrp 90
redistribute static
network 192.168.5.0
network 192.168.100.0
no auto-summary
!
ip local policy route-map local
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!static routes to spokes
ip route c.c.c.c 255.255.255.255 Dialer1
ip route d.d.d.d 255.255.255.255 Dialer1
ip route e.e.e.e 255.255.255.255 Dialer1
ip route f.f.f.f 255.255.255.255 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 100 remark IPs To NAT
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 198 permit ip host b.b.b.b any
access-list 199 permit ip host a.a.a.a any
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 100
match interface Dialer0
!
route-map local permit 10
match ip address 198
set interface Dialer1
route-map local permit 20
match ip address 199
set interface Dialer0
!
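
One way to apply the VRF-Lite (front-door VRF) approach mentioned above to this hub, shown as an added example that is not part of the original post: Dialer1 moves into its own VRF with its own default route, so the encrypted mGRE packets leave via Dialer1 while Tunnel0, the LAN and Dialer0 stay in the global table. The VRF name INET2, the rd value and the keyring name DMVPN-KEYS are hypothetical, and it assumes the IOS image on the 1841 supports `tunnel vrf` and VRF-aware crypto keyrings.

```cisco
! Added example: only the lines that change are shown.
! INET2, rd 1:2 and DMVPN-KEYS are hypothetical names/values.
!
ip vrf INET2
 rd 1:2
!
! The global "crypto isakmp key" only matches peers reached through the
! global table. Peers arriving on an interface in INET2 need a keyring
! bound to that VRF.
no crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0
crypto keyring DMVPN-KEYS vrf INET2
 pre-shared-key address 0.0.0.0 0.0.0.0 key xxxxx
!
! Applying "ip vrf forwarding" removes the interface's IP addressing,
! so "ip address negotiated" is entered again afterwards.
interface Dialer1
 ip vrf forwarding INET2
 ip address negotiated
!
! "tunnel vrf" makes the router look up the tunnel destination (the spoke
! public addresses learned through NHRP) in INET2. The tunnel's own
! address 192.168.100.1 and EIGRP 90 remain in the global table.
interface Tunnel0
 tunnel source Dialer1
 tunnel vrf INET2
!
! One default route inside the VRF covers every spoke, including those on
! dynamic addresses, so the per-spoke host routes can be removed.
ip route vrf INET2 0.0.0.0 0.0.0.0 Dialer1
no ip route c.c.c.c 255.255.255.255 Dialer1
no ip route d.d.d.d 255.255.255.255 Dialer1
no ip route e.e.e.e 255.255.255.255 Dialer1
no ip route f.f.f.f 255.255.255.255 Dialer1
!
! Global default route for general internet traffic is unchanged:
! ip route 0.0.0.0 0.0.0.0 Dialer0
```

After the change, `show ip route vrf INET2` should list the default route via Dialer1, and `show crypto isakmp sa` and `show ip nhrp` should show the spokes re-establishing.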