I am in desperate need of some help setting up a DMVPN between two routers a 3811 and 2611.
I have managed to get a basic config to have connectivity to the web and started on setting up the GRE tunnel however the tunnels well not connect. I am totally stumped. I need some help to get it sorted out.
I can provide snippets of the config for reference to the settings used.
One router is in an office behind a basic router. While the other is in a school behind the LFGL network. We have requested the three VPN ports to be opened as follows:
500,4500 and 10000 which have all be tested and are open.
I have looked online extensively and have finally exhausted all my options. I will need help with getting the correct config for the routers.
Please someone help me
Have you made sure you have UDP open? Ike and NAT-t use udp not tcp. Additionally, ESP uses PROTOCOL 50, which will have to also be allowed through the edge routers.
Sent from Cisco Technical Support iPad App
Thanks for the comment I will have to double check for the Protocol 50 being unblocked however, I know all the other ports required for UDP are open.
As for the document ID 29240
I will have a look at that too. It looks quite indepth I will run though the configuration as soon as I can and post up the results.
Basically, DMVPN or GRE will not work behind a firewall.
Either get a public address or even better, consult with an experienced/certified network engineer for alternate solutions.
We managed to get the tunnel talking however it was over two BT lines which ment there was difficulties with the MTU settings being none-standard. Are you able to post the section of your config showing the PKI and or IKE exchange settings in your file ? I am curious to see how to set it correctly. I still may be doing something wrong and not seeing why its not connecting properly. You dont have to use your values you can alter them to keep them secure.