I have a dmvpn with about 20 spokes connecting to the hub. I am running eigrp. Is is possible to have spokes connect to each other without going through the hub? I have about three spokes that would need to communicate with each other. If so is the config on the hub or spokes or both?
In DMVPN, spokes cansend packets directly to another spoke, if the routing table and NHRP table are available.
In order to create a spoke to spoke tunnel, a spoke must:
Learn a routing entryto the destination network
The next hop must be the remote spoke tunnel IP address
The spoke must learn the NBMA addressof this next hop
â¢The IPsec tunnel is only built afterthat
The below URL demonstrates a configuration for static and dynamic LAN-to-LAN tunnels with spoke-to-spoke connectivity through the hub PIX Firewall. PIX version 7.0 improves support for spoke-to-spoke VPN communications as it provides the ability for encrypted traffic to enter and leave the same interface.
I am planing to deply DMVPN. I have the initial config working.
I require all iNet traffic to go to the HUB so that i have only one Inet gateway. This is to meet our security requirements
All hub and spokes site travel across the iNet to get to each other through IPSEC and GRE tuneels. I want to ensure that any traffic that is destined to non hub/sokes site go to the HUB./ Then the hub can screen all incoming and outgoing traffic
Any ideas or partial config examples?