Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1546
Views
0
Helpful
4
Replies

DMVPN with Dual Hub/Dual ISPs for Hub and Spokes

youssef.el.fathi
Level 1
Level 1

‎05-19-2010 08:51 AM - edited ‎02-21-2020 04:39 PM

Hello,

I am working on my first DMVPN project and i would like to have some expert advices.

Here is the topology:

Two Hubs (one in France with Dual ISPs and the other in the US with one ISP for now) and many spokes (60 with two ISPs). Some spokes have to communicate each other directly and access some resources to the US and France Hub. The Hubs have to communicate directly as well.

I read the DMVPN Design guide, but it is oriented towards Dual VPN with single ISP and i would like some help to point me to the right direction.

Many thanks.

Youssef

Labels:
0 Helpful
4 Replies 4

andrew.prince
Level 10
Level 10

‎05-20-2010 02:07 AM

What exactly is your question?

0 Helpful

youssef.el.fathi
Level 1
Level 1
In response to andrew.prince

‎05-20-2010 02:46 AM

Hello Andrew,

My question is about design.

If i go with two routers with HSRP and each one attached to each ISP, i will have to build, for a spoke, 4 multipoint GRE tunnels on each router.

I attached a sample design for the clarity.

Is this design correct, easy to implement or i can do it another way?

Thanks.

PS : as stated in the first post, the goal is redundancy of equipment and WAN Access with spoke-to-spoke "direct communication".

Preview file
59 KB
0 Helpful

andrew.prince
Level 10
Level 10
In response to youssef.el.fathi

‎05-20-2010 03:34 AM

Typically this would be true of non-DMVPN tunnels - static GRE.  However with the aid of NHRP you

only need 1 "Tunnel" but you would still need multiple VPN's to and from the seperate ISP IP addresses - but as in the name DMVPN these would be dynamic VPN tunnels anyway!  You just need to configure the NHRP servers!

HTH>

0 Helpful

youssef.el.fathi
Level 1
Level 1
In response to andrew.prince

‎05-20-2010 05:05 AM

Thanks,

In summary, as i have two ISPs for the HUBs, i need two tunnels for each HUB, acting as NHRP Servers. But for the spokes, i will have four static tunnels that will learn IP addresses from the previous NHRP servers. Finally we have four subnets IP matching my four DMVPN clouds.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents