Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
0
Replies

DMVPN centralized Internet Access, some packets lost to internet?

Meddane
VIP
VIP

‎08-10-2021 02:17 AM

In this topology a centralized internet access for corporate users through the Hub HQ site and a Direct Internet Access for guest users are configured as shown below with the configuration of Hub and Spoke1.

The ping from the guest-PC1 is 100 percent successful and the traceroute confirms that the Guest is going directly to INTERNET using the local gateway Spoke1 as expected.

Tracer ping guest PC.PNG

But the ping from the corporate-PC1, some packets are lost, the traceroute confirms that the packets to INTERNET are going through the tunnel DMVPN to the hub then to internet as expected.

TRACE PING CORPORATE PC.PNG

 DMVPN DIA TOPO.PNG

 

Hub:

interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Tunnel1
ip address 172.16.1.1 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nat inside
ip nhrp network-id 1
ip summary-address eigrp 1 0.0.0.0 0.0.0.0
tunnel source Ethernet0/0
tunnel mode gre multipoint
!
interface Ethernet0/0
description to INTERNET
ip address 1.1.1.1 255.255.255.0
ip nat outside
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
!
ip nat inside source list 100 interface Ethernet0/0 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.2

Spoke1:
ip vrf INTERNET
!
interface Loopback0
ip address 10.2.2.2 255.255.255.0
!
interface Loopback1
ip vrf forwarding INTERNET
ip address 192.168.2.2 255.255.255.0
ip nat inside
!
interface Tunnel1
ip address 172.16.1.2 255.255.255.0
no ip redirects
ip nhrp map multicast 1.1.1.1
ip nhrp map 172.16.1.1 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.1.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel vrf INTERNET
!
interface Ethernet0/0
description to INTERNET
ip vrf forwarding INTERNET
ip address 2.2.2.1 255.255.255.0
ip nat outside
!
interface Ethernet0/1
description to Guest
ip vrf forwarding INTERNET
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface Ethernet0/2
description to corporate
ip address 192.168.5.1 255.255.255.0
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.4.0
network 192.168.5.0
!
ip nat inside source list 1 interface Ethernet0/0 vrf INTERNET overload
ip route vrf INTERNET 0.0.0.0 0.0.0.0 2.2.2.2

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents