Solved: DMVPN and VRF Lite

rchester · ‎05-04-2011

Does anyone have an example of using multiple DMVPN Networks and VRF interfaces (no MPLS)

I have a requirment to use a common link to forward three isolated networks spoke to Hub as encrypted data. It could be VTI I dont mind, but I cant use MPLS.

Thanks

reload in 25 years

Marcin Latosiewicz · ‎05-04-2011

Hi,

"back in the day" I did made this config:

http://isamology.blogspot.com/2010/01/ipsec-and-vrfs-so-whos-doing-vrf.html

But normally I assume you've seen this:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/prod_white_paper0900aecd8034be03_ps6658_Products_White_Paper.html

Same principles apply to VRF lite regardless of VTI/DMVPN/GREoIPsec configuration.

tunnel vrf = Front door VRF

ip vrf forwarding = inside VRF

Now if you add Nico's cheat sheet (for isakmp profiles mostly where needed) you should be all set.

https://supportforums.cisco.com/docs/DOC-13524

Marcin

View solution in original post

Marcin Latosiewicz · ‎05-04-2011

Hi,