Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3903
Views
15
Helpful
4
Replies

Single Hub, Dual DMVPN Cloud

rastaman2
Level 1
Level 1

‎11-02-2010 04:51 AM - edited ‎02-21-2020 04:57 PM

Hello,

is it possible to run two dmvpn clouds on a single hub router?

Regards,

Thomas

Labels:
0 Helpful
4 Replies 4

wzhang
Cisco Employee
Cisco Employee

‎11-02-2010 06:31 AM

Hi, Thomas:

Yes you can have 2 mGRE tunnel interfaces on a single DMVPN hub router, although that may increase your risk of having a single point of failure for both DMVPN clouds. I hope this helps.

Thanks,

Wen

rastaman2
Level 1
Level 1
In response to wzhang

‎11-02-2010 10:23 AM

Hello Wen,

thanks for your reply. thats good news the risk of having a single point of failure is not that important in this case. I am trying to configure three autonomous DMVPN-Networkes (this works fine so fare), all with a dual hub - dual cloud topology. but the customer also requires an dmvpn connection from two of the DMVPN-Networks to the LAN of the third DMVPN-Hubs. I tried to configure this today, but did not get routing information. I will see what i can do tomorrow ...

Regards,

Thomas

0 Helpful

rastaman2
Level 1
Level 1
In response to rastaman2

‎11-03-2010 01:11 AM

It is me again.

I tried to configure some thing, the  IPSec-Connections are build up properly but I still dont receive any  routing information. The command "sh ip eigrp neighbours" on Hub A (Location 2) does not show any entries for EIGRP 2. "sh crypto isakmp sa" has two IPSec-VPN-Tunnels to the Hubs A/B (on Location 1).

Hub A (Location 1):

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key test123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile xxx
 set transform-set AES-256
!
interface Tunnel1
 description *** HS DMVPN Cloud 1 ***
 ip address 10.10.10.1 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 600
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile xxx
!
interface Tunnel2
 description *** Central DMVPN Cloud 1 ***
 ip address 10.10.100.1 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 10
 ip nhrp holdtime 600
 no ip split-horizon eigrp 2
 no ip next-hop-self eigrp 2
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile xxx
!
interface GigabitEthernet0/0
 description *** LAN ***
 ip address 172.16.1.2 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 172.16.1.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 track GigabitEthernet0/1
 no shut
!
interface GigabitEthernet0/1
 description *** OUTSIDE ***
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
 no shut
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
router eigrp 2
 network 10.10.100.0 0.0.0.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!

Hub B (Location 1):

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key test123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile xxx
 set transform-set AES-256
!
interface Tunnel1
 description *** HS DMVPN Cloud 2 ***
 ip address 10.10.11.1 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 ip nhrp holdtime 600
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 2
 tunnel protection ipsec profile xxx
!
interface Tunnel2
 description *** Zentralen DMVPN Cloud 2 ***
 ip address 10.10.101.1 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 11
 ip nhrp holdtime 600
 no ip split-horizon eigrp 2
 no ip next-hop-self eigrp 2
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile xxx
!
interface GigabitEthernet0/0
 description *** LAN ***
 ip address 172.16.1.3 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 172.16.1.1
 standby 1 priority 80
 standby 1 preempt
 standby 1 track GigabitEthernet0/1
 no shut
!
interface GigabitEthernet0/1
 description *** OUTSIDE ***
 ip address 192.168.1.5 255.255.255.252
 duplex auto
 speed auto
 no shut
!
router eigrp 1
 network 10.10.11.0 0.0.0.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
router eigrp 2
 network 10.10.101.0 0.0.0.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.6
!

Hub A(Location 2):

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key test123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile xxx
 set transform-set AES-256
!
interface Tunnel1
 description *** CP DMVPN Cloud 1 ***
 ip address 10.10.30.1 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 3
 ip nhrp holdtime 600
 delay 1000
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 tunnel key 3
 tunnel protection ipsec profile xxx
!
interface Tunnel2
 description *** Central DMVPN Cloud 1 ***
 ip address 10.10.100.10 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map 10.10.100.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
 ip nhrp network-id 10
 ip nhrp holdtime 600
 ip nhrp nhs 10.10.100.1
 delay 1000
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile xxx shared
!
interface Tunnel3
 description *** Central DMVPN Cloud 2 ***
 ip address 10.10.101.10 255.255.255.0
 ip mtu 1300
 ip nhrp authentication cisco
 ip nhrp map 10.10.101.1 192.168.1.5
 ip nhrp map multicast 192.168.1.5
 ip nhrp network-id 11
 ip nhrp holdtime 600
 ip nhrp nhs 10.10.101.1
 delay 1050
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile xxx shared
!
interface FastEthernet0/0
 description *** LAN ***
 ip address 172.18.1.2 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 172.18.1.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 track FastEthernet0/1
 no shut
!
interface FastEthernet0/1
 description *** OUTSIDE ***
 ip address 192.168.1.17 255.255.255.252
 duplex auto
 speed auto
 no shut
!
router eigrp 1
 network 10.10.30.0 0.0.0.255
 network 172.18.1.0 0.0.0.255
 no auto-summary
!
router eigrp 2
 network 10.10.100.0 0.0.0.255
 network 10.10.101.0 0.0.0.255
 network 172.18.1.0 0.0.0.255
 eigrp stub connected
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.18
!
0 Helpful

Rudresh Veerappaji
Cisco Employee
Cisco Employee
In response to rastaman2

‎11-03-2010 03:55 AM

Hi Thomas,

On the routers, if you are using the same ipsec profile for both the tunnel interfaces,  please make sure you have the following confiugration;

 tunnel protection ipsec profile xxx shared

Let me know if this helps,

Cheers

Rudresh V

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents