
DMVPN phase 1 - Design

aoshea
Level 1

Dear Support,

I am going to implement DMVPN between three European sites (spokes) and a central hub in London.

I have already bought the equipment: 3 x 2811 adv security (spokes) and a 2851 with VPN accelerator card / adv security (hub site).

I am just about to put pen to paper and do the design and just need some assistance on any missing information I need.

I wish to implement just phase 1 of DMVPN as I don't want to have spoke-to-spoke connectivity just yet.

The information I have gathered so far is:

SHDSL connection info at remote sites

Lease line addressing in London

Remote site LAN addresses

Tunnel addresses

Key and password details

Is there any other information that I’ll need or a web page that details the prerequisites for setting this up?

Your help is appreciated.

Regards, Adrian.

3 Replies

sachinraja
Level 9

Hi Adrian

IP addressing is one key point that you have to take care of. Make sure you don't have overlapping addresses. Otherwise, you have to take into consideration NAT/PAT with IPsec and the problems arising due to NAT/PAT.

Apart from this, you have most of them in the list. Let me give some of them again:

1) Peer IP addresses of all the locations

2) Routing decisions: static / dynamic etc.?

3) Backup routing and VPN backup?

4) Preshared/RSA keys for all the locations

5) ISAKMP policies for the locations (encryption, authentication, group, lifetime parameters). You need to standardise on these values.

6) Remote LAN addresses for defining interesting traffic / crypto ACLs

7) VAC card on the central location if the number of tunnels becomes more (I think you already have this)

Not sure if I had missed anything. Anyway, all the best.

Raj
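The addressing and ISAKMP points in the reply above, turned into a pre-deployment check of the design sheet. This is an added example, not part of the original thread; the site names, addresses, ISAKMP values and the single shared tunnel subnet are constructed assumptions.

```python
import ipaddress
from itertools import combinations

ISAKMP = {"encryption": "aes", "hash": "sha", "group": 2, "lifetime": 86400}

# Constructed sample plan; every name, address and parameter is hypothetical.
TUNNEL_NET = "10.255.0.0/24"
SITES = {
    "london-hub": {"lan": "10.1.0.0/16", "tunnel_ip": "10.255.0.1", "isakmp": ISAKMP},
    "spoke-a": {"lan": "10.2.0.0/24", "tunnel_ip": "10.255.0.2", "isakmp": ISAKMP},
    "spoke-b": {"lan": "10.1.8.0/24", "tunnel_ip": "10.255.0.2",
                "isakmp": {**ISAKMP, "group": 5}},
    "spoke-c": {"lan": "10.4.0.0/24", "tunnel_ip": "10.254.0.4", "isakmp": ISAKMP},
}


def check_plan(sites, tunnel_net, hub="london-hub"):
    """Return a list of design problems found in the addressing/ISAKMP plan."""
    problems = []
    tnet = ipaddress.ip_network(tunnel_net)
    lans = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}

    # Overlapping LANs would force NAT/PAT in front of IPsec; flag them up front.
    for (a, na), (b, nb) in combinations(lans.items(), 2):
        if na.overlaps(nb):
            problems.append(f"LAN overlap: {a} {na} and {b} {nb}")
    for name, net in lans.items():
        if net.overlaps(tnet):
            problems.append(f"LAN overlaps tunnel network: {name} {net}")

    # Each tunnel address must be unique and inside the shared tunnel subnet
    # (assumption: hub and all spokes share one tunnel subnet).
    seen = {}
    for name, s in sites.items():
        ip = ipaddress.ip_address(s["tunnel_ip"])
        if ip not in tnet:
            problems.append(f"tunnel IP outside {tnet}: {name} {ip}")
        if ip in seen:
            problems.append(f"duplicate tunnel IP {ip}: {seen[ip]} and {name}")
        seen.setdefault(ip, name)

    # ISAKMP parameters are meant to be standardised; compare each site to the hub.
    ref = sites[hub]["isakmp"]
    for name, s in sites.items():
        diff = sorted(k for k in ref if s["isakmp"].get(k) != ref[k])
        if diff:
            problems.append(f"ISAKMP mismatch vs {hub}: {name} differs in {diff}")
    return problems


if __name__ == "__main__":
    print("\n".join(check_plan(SITES, TUNNEL_NET)))
```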

thisisshanky
Level 11

Adrian,

In addition to the above, here is a good resource for configuring DMVPN.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#dualhubsingle

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

devsharma
Level 1

Adrian,

Here is another link which can give you exact configuration information for implementing DMVPN. I implemented it on 35 sites using a dual hub model and it works perfectly. Another thing you might look at is the MTU requirement of the application you are going to run over this VPN, because sometimes that can be a nightmare. You might run into fragmentation and performance issues if the right MTU is not selected.

Here is the link:

http://www.cisco.com/warp/public/105/dmvpn.html

Another easy way I would suggest is to make use of the Security Device Manager software available in IOS; that will give you a basic framework to test the implementation. It gives you a nice template which works perfectly fine.