cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
349
Views
15
Helpful
7
Replies
Highlighted
Beginner

Public IP Address Requirement for DMVPN Hub vs. Spokes

Hi,
I would like to know with cisco DMVPN solution,
"only HUB site need to have Public IP address and the other spoke sites do not need to have public IP address"
Is it correct? As long as the spoke sites get access to the internet, DMVPN will be work ?
If it can be work, how about spoke to spoke connection? it can also be work with no public ip address on spoke sites?

We are planning to use DMVPN for our organization and public ip address requirement is really confused for me.
Thank you all !

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

HUB required static IP with stable connection.

Spoke - can be any media as long as they able to reach HUB IP address  to build the tunnel.

 

BB
*** Rate All Helpful Responses ***

View solution in original post

7 REPLIES 7
Highlighted
VIP Mentor

YES , DMVPN HUB need to have Public IP, Spokes can be dynamic.

 

 

BB
*** Rate All Helpful Responses ***
Highlighted

Thank you so much !!
So, Spoke Sites do not need public ip address and can use any type of internet connection ?
Is my understanding correct?
Highlighted

HUB required static IP with stable connection.

Spoke - can be any media as long as they able to reach HUB IP address  to build the tunnel.

 

BB
*** Rate All Helpful Responses ***

View solution in original post

Highlighted

Hi All,

I've done labbing and , yes the Spoke without Public IP (behind NAT device) can support spoke to spoke connection

Highlighted

PNET/EVE-NG nice tool for PoC and Labbing. Nice stuff and test.

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

In my opinion you need:

HUB: public static ip

Spoke: static or dynamic public ip

Highlighted
VIP Expert

As mentioned by others, hub and spoke(s) need public IPs (on/across the Internet). The major difference, though, is the hub needs to be fixed/static, while spoke(s) can be dynamically assigned public IPs.

The reason for this, on the spoke(s) you configure the hub's public IP (so the spoke "knows") where to send its traffic. Using NHRP the spoke can inform the hub what IP it's using. The spoke informs the hub, what IP to send a particular spoke's traffic to.

Of course, a spoke can also use a static/fixed IP too.

I believe spoke-to-spoke also works with spokes having dynamic IPs. Basically, a spoke will query the hub for what IP the other spoke is using. (I've built Internet DMVPN using both static and dynamic spoke IPs, but have not done spoke-to-spoke, where a tunnel is dynamically built between spokes [as there's are, or were, considerations for using this feature].)

BTW, if a spoke's IP is dynamically changed (while being used), I believe it informs the hub. I.e. DMVPM will continue to work between hub and spoke, although there might be a network "blip".

Content for Community-Ad