
EZVPN Client and DMVPN Spoke Traffic

leaderglobal
Level 1

I seem to be having issues with communication between DMVPN spokes and EZVPN clients.

I've got a 3825 Router at my DataCenter connecting to our MPLS backbone and also acting as a DMVPN HUB for a long site (last site left to be migrated to MPLS) and EZVPN server for remote client access. The router is behind a 2821 serving as an Internet Gateway which provides NAT and Firewall. Routing is both iBGP internally and eBGP externally.

EZVPN Clients utilize VPN-on-a-Stick to provide for Internet Access without enabling Split Tunneling.

Everything works fine except communication between EZVPN Client and the DMVPN spoke. Tracert from client to seems to show traffic hitting my on Internet Router's Interface that's connected to GI0/0 on the MPLS/DMVPN HUB/EZVPN HUB router that's in question.

I'm scratching my head on this one and would appreciate any help that anyone can offer.

Note: I just switched from EIGRP to BGP internally (MPLS connection has always been BGP) and had trouble with BGP between Hub and Spoke, which is the reasoning for the static routes (X.29, X.30, X.31) to the Spoke. There is only one Spoke because the network used to be a DMVPN backbone between 8 sites until I implemented an MPLS VPN backbone. Remaining site has yet to be migrated - waiting now on new MPLS provider to implement - so this is somewhat temporary.

1 Reply

leaderglobal
Level 1

This has been solved. Since I was using static routes with the Spoke, I needed to add a static route on the spoke which pointed to the IP address range of the EZVPN clients.
