cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1268
Views
0
Helpful
7
Replies
Beginner

DMVPN though multiple routers

Hi there,

I am in desperate need of some help setting up a DMVPN between two routers a 3811 and 2611.

I have managed to get a basic config to have connectivity to the web and started on setting up the GRE tunnel however the tunnels well not connect. I am totally stumped. I need some help to get it sorted out.

I can provide snippets of the config for reference to the settings used.

One router is in an office behind a basic router. While the other is in a school behind the LFGL network. We have requested the three VPN ports to be opened as follows:

500,4500 and 10000 which have all be tested and are open.

I have looked online extensively and have finally exhausted all my options. I will need help with getting the correct config for the routers.

Please someone help me

7 REPLIES 7
Highlighted
Contributor

Re: DMVPN though multiple routers

Have you made sure you have UDP open? Ike and NAT-t use udp not tcp. Additionally, ESP uses PROTOCOL 50, which will have to also be allowed through the edge routers.

Sent from Cisco Technical Support iPad App

Highlighted
Contributor

Re: DMVPN though multiple routers

Also, look on Cco for document Id 29240 for DMVPN configuration.

Sent from Cisco Technical Support iPad App

Highlighted
Beginner

DMVPN though multiple routers

Hi Jeff,

Thanks for the comment I will have to double check for the Protocol 50 being unblocked however, I know all the other ports required for UDP are open.

As for the document ID 29240

I will have a look at that too. It looks quite indepth I will run though the configuration as soon as I can and post up the results.

Highlighted
Contributor

Re: DMVPN though multiple routers

You'll also want to look at doc 41940. More detail and explanation of DMVPN.

Sent from Cisco Technical Support iPad App

Highlighted
Hall of Fame Master

Re: DMVPN though multiple routers

Basically, DMVPN or GRE will not work behind a firewall.

Either get a public address or even better, consult with an experienced/certified network engineer for alternate solutions.

Highlighted
Enthusiast

DMVPN though multiple routers

Did you setup PKI/IKE?  That must be done to get the tunnels active.  I jsut spent all day on this.

Highlighted
Beginner

DMVPN though multiple routers

We managed to get the tunnel talking however it was over two BT lines which ment there was difficulties with the MTU settings being none-standard. Are you able to post the section of your config showing the PKI and or IKE exchange settings in your file ? I am curious to see how to set it correctly. I still may be doing something wrong and not seeing why its not connecting properly. You dont have to use your values you can alter them to keep them secure.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here