08-12-2012 10:57 PM - edited 02-21-2020 06:16 PM
Hi dears. I configurated 1 hub and 3 spokes with dmvpn. all them are ok and working. now i want to add second router as hub for redundancy and configurated second tunnel at this router for redundancy tunnel.
my working hub and spoke routers configuration:
HUB1:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key 6
cisco123
address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TTS esp-aes 256 esp-sha-hmac
crypto ipsec fragmentation after-encryption
!
crypto ipsec profile customer
description .:: IPSec profile for DMVPN ::.
set security-association lifetime seconds 120
set transform-set TTS
!
!interface Tunnel0
ip address 172.30.30.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 90
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile customer
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.0.1 255.255.255.0
ip access-group OUTSIDE2INSIDE in
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
interface GigabitEthernet0/2
ip address 192.168.60.1 255.255.255.0
ip inspect in2out in
duplex auto
speed auto
!
!
router eigrp 90
network 172.30.30.1 0.0.0.0
network 192.168.60.1 0.0.0.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.60.2 (core switch ip address:192.168.60.2)
Spoke 1:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key
cisco123
address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 120
!
!
crypto ipsec transform-set TTS esp-aes 256 esp-sha-hmac
crypto ipsec fragmentation after-encryption
!
crypto ipsec profile customer
description .:: IPsec Profile for DMVPN ::.
set security-association lifetime seconds 120
set transform-set TTS
!
!
interface Tunnel0
ip address 172.30.30.5 255.255.255.0
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp map multicast 10.0.0.1
ip nhrp map 172.30.30.1 10.0.0.1
ip nhrp network-id 1
ip nhrp nhs 172.30.30.1
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0
tunnel destination 10.0.0.1
tunnel key 0
tunnel protection ipsec profile customer
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.0.5 255.255.255.0
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0/1.8
description User
encapsulation dot1Q 8
ip address 192.168.22.1 255.255.255.0
!
interface GigabitEthernet0/1.9
description Voice
encapsulation dot1Q 9
ip address 172.17.3.1 255.255.255.0
!
router eigrp 90
network 172.17.3.1 0.0.0.0
network 172.30.20.5 0.0.0.0
network 172.30.30.5 0.0.0.0
network 192.168.22.1 0.0.0.0
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Tunnel0
this is my working configuartion. i want to configurated dual dmvpn with hsrp. mY qusetions is that>
what configuartion i need do at second hub2 router?
what configuartion i need do at spokes?
what default route's i must be config at spokes?
thanks
08-12-2012 11:27 PM
Hello,
This document will answer all of the questions you have
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
08-12-2012 11:36 PM
Thanks a lot. i understand that i must be configurated tunnel also at hub2 and add this tunnel all my spokes that are clear for me. only one issue i confused. now working configuration as you see my default router to tunnel0 at spokes , if i add second tunnel at spokes router what how i add that and think the redundancy process??
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide