Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
1
Replies

DMVPN Initiator / Responder

Go to solution
embowers1
Level 1
Level 1

‎08-26-2015 12:02 PM - edited ‎02-21-2020 08:25 PM

I want to use DHCP on the physical interface of my spoke routers from my broadband ISP. Since the address may change what can I do to ensure the the Hub is a responder and the spokes are the initiator of the DMVPN tunnels?

Spokes: 2900's

Hub: ASR1002

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pjain2
Cisco Employee
Cisco Employee

‎09-03-2015 12:01 AM

Hey,

untill the DMVPN hub is not configured as the static VTI, i.e. specific tunnel source and tunnel destination is not configured on the hub, the initiator will always be spoke.

the whole purpose of having a dmvpn tunnel is so that any spoke can connect to the hub(given the spokes are configured to connect to the hub) without having to specifically define the spoke's ip address on the hub. Hence, the tunnel would always be initiated from the spoke.

please see the below document for further explanation:

When the spoke router starts up, it automatically initiates the IPsec tunnel with the hub router as described above. It then uses NHRP to notify the hub router of its current physical interface IP address.

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html#dyntun

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
pjain2
Cisco Employee
Cisco Employee

‎09-03-2015 12:01 AM

Hey,

untill the DMVPN hub is not configured as the static VTI, i.e. specific tunnel source and tunnel destination is not configured on the hub, the initiator will always be spoke.

the whole purpose of having a dmvpn tunnel is so that any spoke can connect to the hub(given the spokes are configured to connect to the hub) without having to specifically define the spoke's ip address on the hub. Hence, the tunnel would always be initiated from the spoke.

please see the below document for further explanation:

When the spoke router starts up, it automatically initiates the IPsec tunnel with the hub router as described above. It then uses NHRP to notify the hub router of its current physical interface IP address.

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html#dyntun

 

0 Helpful
Customers Also Viewed These Support Documents