Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
0
Helpful
2
Replies

New to DMVPN - Getting internet from Hub to Spoke

Go to solution
klombard
Level 1
Level 1

‎01-25-2013 10:08 AM - edited ‎02-21-2020 06:39 PM

Currently setting up DMVPN Between one hub and spoke.  We use all static routing.  I successfully created the tunnel and am able to get into our internal network from the spoke lan.  However, I am unable to get any internet access.

Here's the static routing on the spoke:

ip route 0.0.0.0 0.0.0.0 <ISP Gateway of spoke>

ip route 192.168.48.0 255.255.240.0 <Hub Tunnel IP>

In our old site-2-site scenario, we would simply point the default route to the Tunnel interface and then the traffic would flow that way and then statically route any other data we want to go elsewhere.  However, I've noticed in this scenario that is not the case.  Also, when I go to point the default route somewhere else than the ISP Gateway (even to the Hub tunnel ip), I lose all connectivity to the Hub lan. 

Basically, I just need all traffic from the spoke to traverse the tunnel to the hub, where all resources and internet access will come from.  Any advice would be appreciated!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Michal Garcarz
Cisco Employee
Cisco Employee

‎01-25-2013 11:41 AM

Hi Ken,

Not a typical requirement to route 0/0 to dmvpn hub. For that you need:

1. correct routing on spoke which will point to tunnel for 0.0.0.0/0

You can achieve that via static or dynamic routing, example:

ip route      (this to have tunnel connectivity)

ip route 0.0.0.0 0.0.0.0                          (all traffic send thru tunnel)

I have never tested that scenario - but that would be my try.

---

Michal

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Michal Garcarz
Cisco Employee
Cisco Employee

‎01-25-2013 11:41 AM

Hi Ken,

Not a typical requirement to route 0/0 to dmvpn hub. For that you need:

1. correct routing on spoke which will point to tunnel for 0.0.0.0/0

You can achieve that via static or dynamic routing, example:

ip route      (this to have tunnel connectivity)

ip route 0.0.0.0 0.0.0.0                          (all traffic send thru tunnel)

I have never tested that scenario - but that would be my try.

---

Michal

0 Helpful

Go to solution
klombard
Level 1
Level 1
In response to Michal Garcarz

‎01-25-2013 12:04 PM

Gah.  Knew it was something simple.  Actually, following step 1 that you laid out seems to have fixed my issue.  Internet is now going through the Hub and access to the Hub LAN is still there.  I think I may have been close, but had mixed up the ISP IPs and ISP gateways.  Probably did the wrong combination.

Thanks for your help!

0 Helpful
Customers Also Viewed These Support Documents