To configure a simple single-tiered headend, single-cloud, single-hub, spoke-to-spoke DMVPN
There are numerous excellent documents on CCO about configuring some very complex spoke-to-spoke scenarios, but it's very difficult to find one that simply shows you how to configure a simple spoke-to-spoke DMVPN cloud.
The biggest difference between a hub-and-spoke and a spoke-to-spoke tunnel is the manner in which traffic between two spokes is routed. As in the hub-and-spoke model, the spoke-to-hub tunnels are continuously up. Unlike in hub-and-spoke, however, when one spoke wants to communicate with another spoke it doesn't do so via the hub. Instead, when a spoke wants to transmit a packet to another spoke, it uses NHRP to dynamically determine the required destination address of the target spoke. The hub router acts as the NHRP server and handles this request for the source spoke, but there its role in this particular transaction ends. The two spokes then dynamically create an IPsec tunnel between them (via the single mGRE interface) and data can be transferred directly. This dynamic spoke-to-spoke tunnel is automatically torn down after a (configurable) period of inactivity.
Because the tunnel is dynamic, there are a couple of things that you need to keep in mind when configuring a spoke-to-spoke DMVPN:
1. The spokes can no longer use point-to-point tunnels. Like the hub, they need to be able to dynamically accept incoming SA requests. Hence, all tunnels in a spoke-to-spoke setup are multipoint (aka mGRE) tunnels.
2. The spokes still learn all routing updates via the hub, since the EIGRP (or any other dynamic routing protocol) neighborships are still formed only between the hub and the spokes. Therefore, the hub must be configured so that it doesn't set itself as the next hop for the routes that it advertises. This way, a spoke learns the original next hop of a particular subnet and accordingly tries to build a tunnel to that "next hop" (spoke) when routing traffic to that subnet.