Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
798
Views
0
Helpful
4
Replies

DMVPN question!

Go to solution
hanyawad
Level 1
Level 1

‎05-27-2013 08:55 PM - edited ‎02-21-2020 06:55 PM

Hello,

what the impact of share word when i type it at the end of this command under interface tunnel mode in DMVPN configuration?

tunnel protection ipsec profile share

in other words, if i have two tunnels on the same physical interface with two different clouds and

didn't type share word at the end of that command will cause any problem communicating with their peers?

please treat this as urgent. thank you for your help!

Labib

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
shine pothen
Level 3
Level 3
In response to hanyawad

‎05-28-2013 07:13 PM

Yes you need to use the command Shared.

The                        shared keyword allows IPsec sessions to be shared between multiple tunnel interfaces configured with the same tunnel source IP.

Potha

View solution in original post

0 Helpful
4 Replies 4

Go to solution
shine pothen
Level 3
Level 3

‎05-27-2013 10:24 PM

Hello,

yes you need to type the command "shared" if you are share the tunnel with same physical interface.

for more inform please read this cisco article.

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-share-ipsec-w-tun-protect.html

please let me know if you have any doubts.

Potha

0 Helpful

Go to solution
shine pothen
Level 3
Level 3
In response to shine pothen

‎05-27-2013 10:30 PM

The tunnel protection IPsec profile shared command is used to create a single IPsec SADB for all the tunnel interfaces that use the same profile and tunnel source interface. This allows a single IPsec SA to be used for all GRE tunnels (same tunnel source and destination, but different tunnel keys) between the same two endpoints. It also makes IPsec QM processing unambiguous because there is one SADB to process the incoming IPsec QM request for all shared tunnel interfaces as opposed to multiple SADBs, one for each tunnel interface when the tunnel interface is not shared

0 Helpful

Go to solution
hanyawad
Level 1
Level 1
In response to shine pothen

‎05-28-2013 07:21 AM

Hi Shine,

thanks for your reply!

i'm using two tunnel interfaces on the same source physical interface with different destination ip addresses and different NHRP IDs and also different GRE IDs.

so in this case i should use share word at the end of this command or not?

thank you!

Labb

0 Helpful

Go to solution
shine pothen
Level 3
Level 3
In response to hanyawad

‎05-28-2013 07:13 PM

Yes you need to use the command Shared.

The                        shared keyword allows IPsec sessions to be shared between multiple tunnel interfaces configured with the same tunnel source IP.

Potha

0 Helpful
Customers Also Viewed These Support Documents