Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
752
Views
0
Helpful
2
Replies

spoke to spoke traffic on dmvpn

djames
Level 1
Level 1

‎08-16-2009 06:20 AM - edited ‎02-21-2020 04:18 PM

I have a dmvpn with about 20 spokes connecting to the hub. I am running eigrp. Is is possible to have spokes connect to each other without going through the hub? I have about three spokes that would need to communicate with each other. If so is the config on the hub or spokes or both?

Labels:
0 Helpful
2 Replies 2

bwilmoth
Level 5
Level 5

‎08-21-2009 10:34 AM

In DMVPN, spokes cansend packets directly to another spoke, if the routing table and NHRP table are available.

In order to create a spoke to spoke tunnel, a spoke must:

Learn a routing entryto the destination network

The next hop must be the remote spoke tunnel IP address

The spoke must learn the NBMA addressof this next hop

•The IPsec tunnel is only built afterthat

The below URL demonstrates a configuration for static and dynamic LAN-to-LAN tunnels with spoke-to-spoke connectivity through the hub PIX Firewall. PIX version 7.0 improves support for spoke-to-spoke VPN communications as it provides the ability for encrypted traffic to enter and leave the same interface.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml#intro

0 Helpful

walter baziuk
Level 5
Level 5
In response to bwilmoth

‎11-14-2010 10:53 AM

hello:

I am planing to deply DMVPN. I have the initial config working.

I require all iNet traffic to go to the HUB so that i have only one Inet gateway. This is to meet our security requirements

All hub and spokes site travel across the iNet to get to each other through IPSEC and GRE tuneels. I want to ensure that any traffic that is destined to non hub/sokes site go to the HUB./ Then the hub can screen all incoming and outgoing traffic

Any ideas or partial config examples?

cheers

walter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents