Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am getting started with dmvpn. all my spokes will connect via the internet. from a design standpoint is it perfered to have the hub as the ca or have a standalone box as the ca (ms)? If there is a standalone box then it will need to accessible from...
I can not get spilt tunnel to work on my production router config:int serial 0/0/0desc externalip add x.x.x.x x.x.x.x.xip nat outsideip virtual-reassemblycrypto map ipsec-mapint fast 0/0desc internalip add y.y.y.y y.y.y.yip nat insideip virtual-reass...
it appears that the hub could sit behind ASA firewall with GRE and other ISAKMP/IPSec ports open and nat'd correctly.Any known issues with hub placemnet behind the ASA?
It would easy our deployment process. Currently 400 sites use dmvpn. 360 are used as back up, the rest use it as the sole connection to corporate resources, we've forcasted addtional an a average of 20 sites a year to use dmvpn.
i got the CA spilt out and spokes can complete phase1. pretty sweet setup. so now i'm looking at having the tunnel interfaces use dhcp. I found a supporting documnet and configuration setting however the spoke isn't getting an ip addy from the dhcp s...
