GRE Tunnel suggestion

Robert Craig
Level 3

I am doing a booth at the end of this month. They have public WIFI access. I'd like to bring some phones with me to connect back to my hub router. My thoughts are to connect my laptop to the wifi, bridge the wireless card to the LAN card, and then connect my 871W to the laptop. Then just have a multipoint GRE tunnel from the 871W back to the hub. Anyone see any issues with the setup?


rais
Level 7

Your GRE is going to be from your laptop to hub router or 871W to hub router? 

You could test it out at a friend's wifi or at Barnes and Noble etc.

HTH.

It will be 871W to hub router. The laptop is going to be serving as the internet connection for the 871W. Yeah, I'm gonna take it down the street and test it.

OK, so 871W piggybacking laptop didn't establish a tunnel. I took the router inside and plugged directly into friend's wireless router, yet still no results. Can a GRE tunnel spoke establish a tunnel when it's behind NAT? I'm reading yes and no and kind of confused.

You can try terminating IPSec or PPTP from your laptop to the Hub router.

I am not sure, when you say bridge the two interfaces, whether the router would share the address with your laptop interface or not. Behind the NAT or not, GRE would originate packets from its own interface address. If it's NATed, checksum would change so checksum may be disabled in the first place.

Thanks.

Robert Craig
Level 3

Ok, so establish a VPN connection using the Cisco VPN client on the laptop, then plug the 871w into the wired NIC of the laptop for the GRE?

Sent from Cisco Technical Support iPhone App

Once you have an IPSec tunnel across I don't think there would be a need for a GRE then.

Thanks.

Robert Craig
Level 3

Well there would be since I need to do some routing across that tunnel. There will be multiple devices behind the 871w. Do GRE tunnel spokes work behind NAT?

Sent from Cisco Technical Support iPhone App

Hello Robert,

Yes, GRE tunnels work behind NAT.

Best Regards

Please rate all helpful posts and close solved questions


Try bringing your GRE up with keepalives disabled.

Sent from Cisco Technical Support iPhone App

OK, so I am at a loss here. Attached are the configs from the hub and spoke. For the love of me, I can't get this thing to establish. Does anyone see where I am goofing?

Spoke

interface Tunnel1
 description Tunnel to Craig House GRE
 ip address 10.10.20.2 255.255.255.0
 ip mtu 1472
 ip nhrp map 10.10.20.1 68.3.X.X
 ip nhrp map multicast 68.3.X.X
 ip nhrp network-id 1
 ip nhrp nhs 10.10.20.1
 ip tcp adjust-mss 1400
 ip ospf network broadcast
 tunnel source FastEthernet4
 tunnel key XX
end

Hub

interface Tunnel5
 description Test DMVPN
 ip address 10.10.20.1 255.255.255.0
 no ip redirects
 ip mtu 1472
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip tcp adjust-mss 1400
 ip ospf network broadcast
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key XX

The only thing out of "debug tunnel" on the spoke is below.

*Mar  5 07:43:19.284: Tunnel1 count tx, adding 0 encap bytes
*Mar  5 07:43:22.209: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar  5 07:43:22.209: Tunnel1 count tx, adding 0 encap bytes
*Mar  5 07:43:23.477: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar  5 07:43:28.978: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar  5 07:43:31.375: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar  5 07:43:31.375: Tunnel1 count tx, adding 0 encap bytes
*Mar  5 07:43:34.479: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar  5 07:43:39.981: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar  5 07:43:41.077: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar  5 07:43:41.077: Tunnel1 count tx, adding 0 encap bytes
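
Added example (not part of the original post and not Cisco tooling): a short Python summary of the spoke's "debug tunnel" output quoted above. It counts the three message kinds that appear in the post and checks whether the outer GRE source address is private, which indicates a NAT device between spoke and hub. Classifying every other line as "other" is an assumption, since the thread shows no receive-side debug format.

```python
import ipaddress
import re

# Debug lines copied from the post above (the hub address is masked there as 68.3.X.X).
DEBUG_LINES = """\
*Mar  5 07:43:19.284: Tunnel1 count tx, adding 0 encap bytes
*Mar  5 07:43:22.209: Tunnel1: GRE/IP encapsulated 172.20.10.4->68.3.X.X (linktype=7, len=104)
*Mar  5 07:43:22.209: Tunnel1 count tx, adding 0 encap bytes
*Mar  5 07:43:23.477: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
*Mar  5 07:43:28.978: Tunnel1: adjacency fixup, 172.20.10.4->68.3.X.X, tos set to 0x0
""".splitlines()

# The three message kinds seen in the post; all of them describe the transmit path.
TX_PATTERNS = {
    "encap": re.compile(r"GRE/IP encapsulated (\S+)->(\S+) \(linktype=\d+, len=(\d+)\)"),
    "fixup": re.compile(r"adjacency fixup, (\S+)->(\S+),"),
    "count_tx": re.compile(r"count tx,"),
}

def is_private(addr):
    """True for RFC 1918 and other private ranges; False for masked text like 68.3.X.X."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def summarize(lines):
    """Count message kinds and collect the outer source addresses of GRE packets."""
    counts = {kind: 0 for kind in TX_PATTERNS}
    counts["other"] = 0
    sources = set()
    for line in lines:
        if not line.strip():
            continue
        for kind, pattern in TX_PATTERNS.items():
            match = pattern.search(line)
            if match:
                counts[kind] += 1
                if kind == "encap":
                    sources.add(match.group(1))
                break
        else:
            counts["other"] += 1  # anything that is not one of the known transmit messages
    return {
        "counts": counts,
        "private_sources": sorted(s for s in sources if is_private(s)),
        # Packets are being sent, and no line hints at anything coming back.
        "tx_only": counts["encap"] > 0 and counts["other"] == 0,
    }
```

On the quoted output this reports a private outer source (172.20.10.4) and transmit-only activity: the spoke is sending GRE from behind NAT and the debug shows nothing returning from the hub.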

Hello Robert,

From the information you have provided, it seems that the configuration is OK, except for one thing.

Spoke

interface Tunnel1

tunnel mode gre multipoint is missing, default mode is mode gre ip, I think.

If this will not help, try to follow this tutorial step by step ->

http://www.fir3net.com/Cisco-Router/dmvpn-tutorial.html

Best Regards

Please rate all helpful posts and close solved questions


You're missing the tunnel destination on the spoke tunnel interface for the hub

Sent from Cisco Technical Support iPad App

OK, so everything I've configured seems like it should work. Below is the spoke router config. I know the router config is very simple, but this is just for testing. When the tunnel actually comes up, I'll do a lot more. I am thinking that maybe I need to configure NAT on the spoke and source the tunnel from a Loopback?

Router#show run
Building configuration...

Current configuration : 1920 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T8.bin
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
no ip subnet-zero
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username craigrobertlee privilege 15 password 0 HHCimo!@#$1234
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 ip address 192.168.0.10 255.255.255.255
!
interface Tunnel1
 description Tunnel to Craig House GRE
 ip address 10.10.20.2 255.255.255.0
 no ip redirects
 ip mtu 1472
 ip nhrp map 10.10.20.1 68.3.X.X
 ip nhrp map multicast 68.3.X.X
 ip nhrp network-id 1
 ip nhrp nhs 10.10.20.1
 ip tcp adjust-mss 1400
 ip ospf network broadcast
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 50
!
interface FastEthernet0
!
interface FastEthernet1
 switchport access vlan 50
 switchport voice vlan 50
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan50
 ip address 192.168.50.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface Tunnel1
 network 10.10.20.0 0.0.0.255 area 0
 network 192.168.0.10 0.0.0.0 area 0
 network 192.168.50.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 192.168.4.0 255.255.255.0 10.10.20.1 name Test
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end

Router#exit

Hello Robert,

Did your configuration work? Is the tunnel interface operational?

Yes, you will have to configure NAT; the entire traffic needs to be translated to the WAN (Fa4) IP address. Also, the tunnel interface must be sourced from the Fa4 interface.

The reason for this is that you obtain an IP from DHCP (like a laptop) and you need to hide the entire traffic behind this IP address, because if you don't, traffic will arrive on the wifi default gateway and will be dropped as unknown.

Best Regards

Please rate all helpful posts and close solved questions
