03-20-2008
06:32 PM
- last edited on
02-21-2020
11:47 PM
by
cc_security_adm
Greetings, below is the basis for an MPLS based Dmvpn network for one of my customers.
Each private ip address space will consists of 10.171.0.0 /24 networks
GRE Tunnel Interfaces will be in the 172.16.0.0 /30 range
Ill be advertising the networks below from both the hub and spoke sites using EIGRP.
10.171.0.0 0.0.0.255 and 172.16.0.0 0.0.0.255
Ive implemented a DMVPN in a lab environment successfully but i need someone to say either yes it will work or suggest alternatives to the arrangement below so that i can sleep at night!
Any comments much appreciated.
Regards
03-21-2008 11:17 AM
Hi,
What is you tunnel int config on spoke and hub routers? I have working config DMVPN GRE with IPSec (no MPLS) which I can compare with
JY
03-24-2008 05:15 PM
On the Hub Router
crypto isakmp policy 10
hash sha
authentication pre-share
encryption 3des
group 2
lifetime 86400
!
crypto isakmp key Pa55w0rd address 0.0.0.0 0.0.0.0
crypto isakmp nat keepalive 20
!
crypto ipsec transform-set GlobalSet esp-3des
mode tunnel
!
crypto ipsec profile *********
set transform-set GlobalSet
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 4608000
!
interface Tunnel 0
description ****** DMVPN GRE Tunnel ******
ip address 172.16.255.1 255.255.255.252
bandwidth 1000
delay 1000
ip nhrp holdtime 360
ip nhrp network-id 100000
ip nhrp authentication ********
ip mtu 1400
ip tcp adjust-mss 1360
ip nhrp map multicast dynamic
tunnel source FastEthernet 0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile **********
no ip split-horizon eigrp 25
!
router eigrp 25
network 172.16.255.2 0.0.0.255
network 10.171.0.0 0.0.0.255
no auto-summary
On the first Spoke Router
interface Tunnel 10
description ****** DMVPN GRE Tunnel ******
ip address 172.16.255.2 255.255.255.252
bandwidth 1000
delay 1000
ip nhrp holdtime 360
ip nhrp network-id 100000
ip nhrp authentication ********
ip mtu 1400
ip tcp adjust-mss 1360
ip nhrp map 172.16.255.1 ***.**.**.***
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile **********
!
router eigrp 25
network 172.16.255.2 0.0.0.255
network 10.171.0.0 0.0.0.255
no auto-summary
Regards
03-25-2008 03:47 AM
Hi,
I see a few differences from what I usually configure for DMVPN.
1. Under interface Tunnel0
- Add "ip nhrp nhs 172.16.255.1
- Add "ip nhrp map multicast
2. Under the router eigrp 25
- The network statements should be
network 172.16.255.0 0.0.0.3
network 10.171.0.0 0.0.0.255
Hope it helps, also take a look at:
http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/hgreips.html
Regards,
Paulo
03-25-2008 06:07 AM
Thank you very much for your reply, ill update the config accordingly.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide