Solved: DMVPN - Where to begin?

jhotles · ‎09-24-2013

Hi folks,

I have designed a "hub and spoke" network that will consist of roughly 4 locations over Public Internet. My design was to run them in a DMVPN configuration utilizing EIGRP Routing Protocol - With this said, i'm not entirely sure how to begin?

I am installing the CORE or HUB location first, that is a given - I am not a big fan of access-lists but pretty much assume that I have to utilize this moving forward in this project.

Each Spoke or Branch location will have it's own Internet connection with a single Public IP Address - I have a mix of 1900, 2900 and 3900 series ISR's in the field at the Branch locations all connecting back to a single 3945 Core. Would someone be able to explain how I should attack this?

Do I need to configure each site at the main location and then bring them, online as I go? Or, do I just do some dynamic configuration to allow for this to take place? I am unsure exactly how to start this off, but I am assuming it's not going to be that difficult, correct?

Thanks for your help in advance...

Marvin Rhoads · ‎09-24-2013

You'd get better interest in the VPN forum, but here're some tips:

I'd browse through the Cisco DMVPN Design Guide. That lays out both the high level considerations and gives detailed configuration files accommodating a lot of scenarios.

If that's a bit overwhelming, you can just skim that and then fall back to the free Cisco Configuration Professional tool to configure both your hub and spokes. It has some wizards and makes setting up a DMVPN a snap. (Besides if you have any plan to pursue CCNA Security you'll need to use CCP sooner or later. ) If you like the cli, you can always preview and parse out what configuration commands CCP generates based on your input to the GUI

Either way, you set up your hub and just start adding spokes as needed. Access-lists aren't generally required unless you want to lock down who can come up as a hub. It is quite simple to roll out.

View solution in original post

Marvin Rhoads · ‎09-24-2013

You'd get better interest in the VPN forum, but here're some tips:

I'd browse through the Cisco DMVPN Design Guide. That lays out both the high level considerations and gives detailed configuration files accommodating a lot of scenarios.

If that's a bit overwhelming, you can just skim that and then fall back to the free Cisco Configuration Professional tool to configure both your hub and spokes. It has some wizards and makes setting up a DMVPN a snap. (Besides if you have any plan to pursue CCNA Security you'll need to use CCP sooner or later. ) If you like the cli, you can always preview and parse out what configuration commands CCP generates based on your input to the GUI

Either way, you set up your hub and just start adding spokes as needed. Access-lists aren't generally required unless you want to lock down who can come up as a hub. It is quite simple to roll out.

jhotles · ‎09-24-2013

Thank you Marvin, yes CCP will be the way to go. I'll just as you mentioned pull out the commands afterwards. They certainly do make it easy. Thanks again for posting, would you mind allowing me to pop in once in a while if I have any questions down the road? Any e-mail address or just use this?

Thanks again Marvin .

Marvin Rhoads · ‎09-24-2013

You're welcome.

If you have further questions as you progress, I'd recommend posting in the VPN forum.

Jeff Van Houten · ‎09-24-2013

Look on Cco for doc Id 41940. That should do it.

Sent from Cisco Technical Support iPad App