08-05-2010 07:49 PM
Hi all,
Is it possible to build the gre tunnel with dynamic ip on one end-point?
08-05-2010 10:33 PM
dmvpn
this will help you achieve what you want and also when you look at it's sclability you will be amused, this is a fantastic technology but yeah its not too easy to understand
i hope this helps
08-10-2010 04:43 PM
Yes this is possible using DMVPN. For a simple single tunnel case it would look like:
Node1, that has the dynamic IP on interface Serial1/0 (could be any type of interface):
interface Tunnel0
bandwidth 1000
ip address 10.0.0.2 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique
ip nhrp nhs 10.0.0.1
no ip mroute-cache
delay 1000
cdp enable
tunnel source Serial1/0 <-- has dynamic IP address
tunnel destination 172.17.0.1
tunnel key 100000
tunnel protection ipsec profile vpnprof <-- for IPsec encryption (optional).
Node2, that has a static IP on interface Serial 2/0 (could be any type of interface):
interface Tunnel0
bandwidth 1000
ip address 10.0.0.1 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
cdp enable
tunnel source Serial2/0 <-- has IP address 172.17.0.1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof <-- for IPsec encryption (optional).
NHRP does the work of informing the Node2 about Node1's dynamic IP address.
You can find out more information about DMVPN at http://www.cisco.com/go/dmvpn
Mike.
08-11-2010 08:07 AM
Might want to use the same mask on the tunnel interfaces that participate in the same NHRP Network, particularly if there is to be more than 1 spoke, and you desire dynamic spoke-to-spoke tunnels to be negotiated.
Best Regards,
Mike
08-12-2010 12:01 PM
Mike,
You are absolutely correct. This what happens when you cut and paste and don't carefully look at it.
I was trying to show the use for a basic p-pGRE case in which case, though you have to use an mGRE
tunnel on the hub.
For just a single tunnel/spoke.
interface Tunnel0
ip address 10.0.0.2 255.255.255.252
...
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique
ip nhrp nhs 10.0.0.1
...
tunnel source Serial1/0 <-- has dynamic IP address
tunnel destination 172.17.0.1
...
interface Tunnel0
ip address 10.0.0.1 255.255.255.252
...
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source Serial2/0 <-- has IP address 172.17.0.1
tunnel mode gre multipoint
...
For many tunnels/spokes.
interface Tunnel0
ip address 10.0.0.
...
ip nhrp authentication test
ip nhrp map multicast 172.17.0.1
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp registration no-unique
ip nhrp nhs 10.0.0.1
...
tunnel source Serial1/0 <-- has dynamic IP address
tunnel destination 172.17.0.1 <-- If you want dynamic spoke-spoke then change to tunnel mode gre-multipoint
...
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
...
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source Serial2/0 <-- has IP address 172.17.0.1
tunnel mode gre multipoint
...
Hope that is a little more clear.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide