DMVPN through multiple routers

Cocobunji
Level 1

Hi there,

I am in desperate need of some help setting up a DMVPN between two routers, a 3811 and a 2611.

I have managed to get a basic config to have connectivity to the web and started on setting up the GRE tunnel; however, the tunnels will not connect. I am totally stumped. I need some help to get it sorted out.

I can provide snippets of the config for reference to the settings used.

One router is in an office behind a basic router, while the other is in a school behind the LFGL network. We have requested the three VPN ports to be opened as follows:

500, 4500 and 10000, which have all been tested and are open.

I have looked online extensively and have finally exhausted all my options. I will need help with getting the correct config for the routers.

Please, someone help me.

7 Replies

Jeff Van Houten
Level 5

Have you made sure you have UDP open? IKE and NAT-T use UDP, not TCP. Additionally, ESP uses PROTOCOL 50, which will also have to be allowed through the edge routers.

Sent from Cisco Technical Support iPad App
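
An added example (not part of the original thread) of checking an edge ACL against the three flows named in the reply above. The ACL lines are constructed samples in a simplified IOS-style grammar, addresses are ignored, and the function names are hypothetical.

```python
# Flows the reply names: IKE and NAT-T over UDP, plus ESP (IP protocol 50).
REQUIRED = {
    ("udp", 500): "IKE (UDP/500)",
    ("udp", 4500): "NAT-T (UDP/4500)",
    ("esp", None): "ESP (IP protocol 50)",
}
PROTO_ALIASES = {"50": "esp", "17": "udp", "6": "tcp"}
PORT_ALIASES = {"isakmp": 500, "non500-isakmp": 4500}  # IOS port keywords


def parse_rule(line):
    """Parse '<permit|deny> <proto> <src> <dst> [eq <port>]' (simplified grammar)."""
    tok = line.lower().split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny"):
        return None
    proto = PROTO_ALIASES.get(tok[1], tok[1])
    port = None  # None: the rule does not match on destination port
    if tok[-2] == "eq":
        name = tok[-1]
        port = PORT_ALIASES.get(name, int(name) if name.isdigit() else name)
    return tok[0], proto, port


def audit(acl_lines):
    """Return the required flows the ACL blocks (first match wins, implicit deny)."""
    rules = [r for r in map(parse_rule, acl_lines) if r]
    blocked = []
    for (proto, port), desc in REQUIRED.items():
        action = "deny"  # implicit deny at the end of every ACL
        for r_action, r_proto, r_port in rules:
            if r_proto in ("ip", proto) and r_port in (None, port):
                action = r_action
                break
        if action == "deny":
            blocked.append(desc)
    return blocked


# Constructed sample: the right port numbers opened for the wrong protocol.
TCP_ONLY = ["permit tcp any any eq 500", "permit tcp any any eq 4500",
            "permit tcp any any eq 10000"]
# Constructed sample: the same intent expressed as UDP plus ESP.
CORRECTED = ["permit udp any any eq isakmp",
             "permit udp any any eq non500-isakmp", "permit esp any any"]

if __name__ == "__main__":
    print("TCP-only ACL blocks:", audit(TCP_ONLY))
    print("Corrected ACL blocks:", audit(CORRECTED))
```
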

Also, look on CCO for document ID 29240 for DMVPN configuration.

Sent from Cisco Technical Support iPad App

Hi Jeff,

Thanks for the comment. I will have to double-check for Protocol 50 being unblocked; however, I know all the other ports required for UDP are open.

As for the document ID 29240, I will have a look at that too. It looks quite in-depth. I will run through the configuration as soon as I can and post up the results.

You'll also want to look at doc 41940. More detail and explanation of DMVPN.

Sent from Cisco Technical Support iPad App

paolo bevilacqua
Hall of Fame

Basically, DMVPN or GRE will not work behind a firewall.

Either get a public address or even better, consult with an experienced/certified network engineer for alternate solutions.

Michael Durham
Level 4

Did you set up PKI/IKE? That must be done to get the tunnels active. I just spent all day on this.

We managed to get the tunnel talking; however, it was over two BT lines, which meant there were difficulties with the MTU settings being non-standard. Are you able to post the section of your config showing the PKI and/or IKE exchange settings in your file? I am curious to see how to set it correctly. I still may be doing something wrong and not seeing why it's not connecting properly. You don't have to use your values; you can alter them to keep them secure.
