Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
637
Views
10
Helpful
2
Replies

DMVPN with cellular interface

owen2
Level 1
Level 1

‎02-07-2022 10:22 PM

HI All,

 

I'm trying to set up DMVPN using the cellular interface.
managed to get the IP address on the cellular interface and was able to surf the internet, 

i tried to ping from Hub to spoke cellular IP, failed.

not able to initialize the VPN traffic? 

 

Hub config

crypto isakmp policy 10
encryption aes 256
hash sha512
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0
crypto isakmp keepalive 10 3
crypto ipsec transform-set DMVPN1 esp-aes 256 esp-sha512-hmac
mode transport
crypto ipsec profile DMVPN
set transform-set DMVPN1

!

interface Loopback0
ip address 172.10.10.1 255.255.255.0
!

interface Vlan 1

ip address 192.168.1.1 255.255.255.0

!
interface Tunnel1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp authentication cisco
ip nhrp network-id 1
ip nhrp holdtime 10
ip nhrp registration timeout 3
ip nhrp redirect
keepalive 10 3
tunnel source Cellular0/1/0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DMVPN

!

router eigrp 1
network 172.10.10.1 0.0.0.0
network 192.168.1.1 0.0.0.0
passive-interface default
no passive-interface Tunnel1
no passive-interface Cellular0/1/0

 

spoke config

crypto isakmp policy 10
encryption aes 256
hash sha512
authentication pre-share
group 2
crypto isakmp key cisco address 10.11.243.98
crypto isakmp keepalive 10 3
crypto ipsec transform-set DMVPN1 esp-aes 256 esp-sha512-hmac
mode transport
crypto ipsec profile DMVPN
set transform-set DMVPN1

!

interface Loopback0
ip address 172.10.20.1 255.255.255.0

!

interface Vlan 1

ip address 192.168.2.1 255.255.255.0

!

interface Tunnel2
ip address 192.168.2.4 255.255.255.0
no ip redirects
no ip split-horizon eigrp 2
ip nhrp authentication cisco123
ip nhrp network-id 2
ip nhrp holdtime 10
ip nhrp registration timeout 3
ip nhrp redirect
keepalive 10 3
tunnel source Cellular0/1/0
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile DMVPN

!

router eigrp 2
network 172.10.20.1 0.0.0.0
network 192.168.2.1 0.0.0.0
passive-interface default
no passive-interface Tunnel2
no passive-interface Cellular0/1/0

Labels:
2 Replies 2

Drum69
Level 1
Level 1

‎02-07-2022 10:32 PM - edited ‎02-08-2022 07:42 PM

Having a tool that would ensure you actually have a full-mesh configured would be extremely handy. Missing multicast maps would be extremely fun to troubleshoot. DMVNow.com

0 Helpful

MHM Cisco World
VIP
VIP

‎02-08-2022 05:26 AM

Dmvpn is hub to spoke connection,

spoke must have static nhrp dmvpn tunnel to hub, so hub must have IP address assign in the spoke tunnel to build this static tunnel.

you can config the spoke with cellular interface not hub.

also in hub and spoke only spoke can initiate the traffic, hub can not know what is the IP address spoke will use until spoke intiated the traffic.

0 Helpful
Customers Also Viewed These Support Documents