cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1813
Views
15
Helpful
7
Replies

Public IP Address Requirement for DMVPN Hub vs. Spokes

SaintEvn
Level 1
Level 1

Hi,
I would like to know with cisco DMVPN solution,
"only HUB site need to have Public IP address and the other spoke sites do not need to have public IP address"
Is it correct? As long as the spoke sites get access to the internet, DMVPN will be work ?
If it can be work, how about spoke to spoke connection? it can also be work with no public ip address on spoke sites?

We are planning to use DMVPN for our organization and public ip address requirement is really confused for me.
Thank you all !

1 Accepted Solution

Accepted Solutions

HUB required static IP with stable connection.

Spoke - can be any media as long as they able to reach HUB IP address  to build the tunnel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

YES , DMVPN HUB need to have Public IP, Spokes can be dynamic.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you so much !!
So, Spoke Sites do not need public ip address and can use any type of internet connection ?
Is my understanding correct?

HUB required static IP with stable connection.

Spoke - can be any media as long as they able to reach HUB IP address  to build the tunnel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi All,

I've done labbing and , yes the Spoke without Public IP (behind NAT device) can support spoke to spoke connection

PNET/EVE-NG nice tool for PoC and Labbing. Nice stuff and test.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

chesterr
Level 1
Level 1

In my opinion you need:

HUB: public static ip

Spoke: static or dynamic public ip

Joseph W. Doherty
Hall of Fame
Hall of Fame

As mentioned by others, hub and spoke(s) need public IPs (on/across the Internet). The major difference, though, is the hub needs to be fixed/static, while spoke(s) can be dynamically assigned public IPs.

The reason for this, on the spoke(s) you configure the hub's public IP (so the spoke "knows") where to send its traffic. Using NHRP the spoke can inform the hub what IP it's using. The spoke informs the hub, what IP to send a particular spoke's traffic to.

Of course, a spoke can also use a static/fixed IP too.

I believe spoke-to-spoke also works with spokes having dynamic IPs. Basically, a spoke will query the hub for what IP the other spoke is using. (I've built Internet DMVPN using both static and dynamic spoke IPs, but have not done spoke-to-spoke, where a tunnel is dynamically built between spokes [as there's are, or were, considerations for using this feature].)

BTW, if a spoke's IP is dynamically changed (while being used), I believe it informs the hub. I.e. DMVPM will continue to work between hub and spoke, although there might be a network "blip".

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco