I have a case where one router (R1) is connected to basic land based Internet using static IP. The other router (R2) is connected to Internet using several 3G/4G operators using both static and dynamic IPs.
I've researched and done some testing on how to connect these two routers and have them establish OSPF. The static IPs are easy using GRE but what about the providers who only give me a dynamic or even NATed IP? What would I look at for them, Performance routing, DMVPN?
Yes it should be Ok to establish an IPSec tunnel with one point having static IP address and the other is dynamic. Please not this Option allows Only one end to initiate the IPSec to the other end not from both ways.
Unfortunately, DMVPN is an option but not in this case. DMVPN is designed for Hub and Spoke topology not a point to point connection.
OSPF cant be established if the neighbours are not directly connected.
DMVPN could be used also in this case. It would be a hub with just one spoke. But the DMVPN overhead is not needed in this case.
Good to know that GRE header is not required for VTIs. Apparently, OSPF is carried over IPSec natively in this case. I had always assumed there is a GRE header by default when using tunnel interfaces.
GRE is the default encsulation for tunnel-interfaces. But there are multiple options to modify that.
I would use DVTI on the static side and VTI on the dynamic side.
DMVPN is applicable,
I have installed such via a 4g solution for some spoke sites with a dynamic ip addressing, the DMVPN Hub headend is setup to use Nat-T for incoming connections
I uploaded a quick schematic to show what I'm aiming for
I've set up one connection using NHRP and multipoint GRE but that was using only one mobile operator. I didn't get the second operator on the same router to work using NHRP. Is that supposed to work? Isn't DMVPN meant for connecting multiple sites/users to a router using one ISP/user? Encryption isn't a priority.