04-11-2005 12:31 AM - edited 03-03-2019 09:15 AM
Dear Support,
I am going to implement DMVPN between three European sites (spokes) and a central hub in London.
I have already bought the equipment 3 x 2811 adv security (spokes) and a 2851 with vpn accelerator card / adv security (hub site).
I am just about to put pen to paper and do the design and just need some assistance on any missing information I need.
I wish to implement just phase 1 of DMVPN as I don't want to have spoke-to-spoke connectivity just yet.
The information I have gathered so far is:
SHDSL connection info at remote sites
Lease line addressing in London
Remote site LAN addresses
Tunnel addresses
Key and password details
Is there any other information that I'll need, or a web page that details the prerequisites for setting this up?
Your help is appreciated.
regards, Adrian.
04-11-2005 03:24 AM
Hi Adrian
IP addressing is one key point that you have to take care of. Make sure you don't have overlapping addresses. Otherwise, you have to take into consideration NAT/PAT with IPsec and the problems arising due to NAT/PAT.
Apart from this, you have most of them in the list. Let me give some of them again:
1) peer ip addresses of all the locations
2) routing decisions ?? static / dynamic etc ?
3) backup routing and vpn backup ???
4) preshared/RSA keys for all the locations
5) ISAKMP policies for the locations (encryption, authentication, group, lifetime parameters)... you need to standardise on these values...
6) remote LAN addresses for defining interesting traffic / crypto ACL's
7) VAC card on the central location if the number of tunnels becomes more (I think you already have this)
Not sure if I had missed anything. Anyway, all the best...
Raj
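Added example, not part of any reply in this thread: a small Python check of a DMVPN addressing plan for the overlapping-address point raised above, run before any router is configured. All site names and address ranges are constructed sample values, and the single shared tunnel subnet is an assumption about the design.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (not from the thread); two mistakes are planted on purpose.
PLAN = {
    "london-hub-lan": "10.0.0.0/24",
    "spoke1-lan": "10.1.0.0/24",
    "spoke2-lan": "10.2.0.0/24",
    "spoke3-lan": "10.1.0.128/25",   # overlaps spoke1-lan
    "dmvpn-tunnel": "172.16.0.0/29",
}
TUNNEL_IPS = {"hub": "172.16.0.1", "spoke1": "172.16.0.2",
              "spoke2": "172.16.0.3", "spoke3": "172.16.0.9"}  # .9 is outside the /29


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose prefixes overlap."""
    # strict=True rejects entries with host bits set, e.g. 10.1.0.5/24
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}
    return sorted((a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
                  if na.overlaps(nb))


def check_tunnel_ips(tunnel_cidr, tunnel_ips):
    """Every tunnel address must be a unique, usable host in the tunnel subnet."""
    net = ipaddress.ip_network(tunnel_cidr, strict=True)
    problems, seen = [], {}
    for site, ip in tunnel_ips.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{site}: {ip} is not a usable host in {net}")
        if addr in seen:
            problems.append(f"{site}: {ip} duplicates {seen[addr]}")
        seen.setdefault(addr, site)
    return problems


if __name__ == "__main__":
    for a, b in find_overlaps(PLAN):
        print(f"OVERLAP: {a} ({PLAN[a]}) and {b} ({PLAN[b]})")
    for line in check_tunnel_ips(PLAN["dmvpn-tunnel"], TUNNEL_IPS):
        print("TUNNEL:", line)
```

Replacing the sample values with the real LAN, tunnel and WAN prefixes shows whether NAT/PAT will be needed before the crypto ACLs are written.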
04-11-2005 08:37 AM
Adrian,
In addition to the above, here is a good resource for configuring DMVPN.
04-11-2005 12:57 PM
Adrian,
Here is another link which can give you exact configuration information for implementing DMVPN. I implemented it on 35 sites using a dual hub model and it works perfectly. Another thing you might look at is the MTU requirement of the application you are going to run over this VPN, because sometimes that can be a nightmare. You might run into fragmentation and performance issues if the right MTU is not selected.
Here is the link:
http://www.cisco.com/warp/public/105/dmvpn.html
Another easy way I would suggest is to make use of the Security Device Manager software available in IOS; that will give you a basic framework to test the implementation. It gives you a nice template which works perfectly fine.