Overlapping DMVPN tunnel network and local networks

brb719648
Level 1

I am designing a VPN solution for our company and believe that DMVPN is the best solution. This configuration would allow an easier-to-manage VPN configuration on the spokes and on the hub(s). In my testing I intentionally built scenarios that would result in overlapping IP spaces on the spokes. Using NAT I was still able to get traffic to flow to the correct locations. What I haven't been able to deal with is when the IP space of the local spoke is in the same subnet space as the DMVPN cloud. These VPNs will connect to possibly thousands of clients with every manner of local networks configured. I am trying to design a solution that is tolerant of overlapping networks in as many ways as possible.

Accepted Solutions

eduardopozo56
Level 1

Hi,

If by the "DMVPN" cloud you are referring to the actual tunnel interface's IP address, you can use a VRF to have the tunnel's IP address on an isolated routing table from the actual LAN; this would allow you to have overlapping addressing between the DMVPN cloud (WAN) and the actual LAN:

Look in the Cisco documentation for the "tunnel VRF" command. This applies the VRF only to the tunnel interface itself (tunnel source/destination). Or, using a VRF directly on the tunnel interface (using the vrf forwarding, not the tunnel vrf command) would put your WAN interface on a VRF but your actual tunnel outside of that VRF (on the global routing table).

You can also google for "DMVPN front door vrf"; there are many useful blog posts on this subject.
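
The two interface commands named in the answer above, side by side in one spoke configuration. This is an added example, not part of the original post or Cisco's documentation: the VRF names FRONT and OVERLAY, the interface numbers and every address are constructed placeholders, and IPsec tunnel protection is left out.

```cisco
! Constructed spoke example; VRF names and all addresses are placeholders.
vrf definition FRONT
 address-family ipv4
 exit-address-family
!
vrf definition OVERLAY
 address-family ipv4
 exit-address-family
!
! WAN (transport) interface lives in the front-door VRF.
interface GigabitEthernet0/0
 vrf forwarding FRONT
 ip address 192.0.2.10 255.255.255.0
!
! Route used to reach the hub's public (NBMA) address, present in FRONT only.
ip route vrf FRONT 0.0.0.0 0.0.0.0 192.0.2.1
!
! LAN stays in the global table and uses the same prefix as the DMVPN cloud.
interface GigabitEthernet0/1
 ip address 10.255.0.1 255.255.255.0
!
interface Tunnel0
 ! "vrf forwarding" puts the tunnel's own address (the overlay) in OVERLAY.
 ! Enter it before "ip address": applying it removes an existing address.
 vrf forwarding OVERLAY
 ip address 10.255.0.2 255.255.255.0
 ip nhrp network-id 1
 ip nhrp nhs 10.255.0.254 nbma 203.0.113.1 multicast
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 ! "tunnel vrf" makes the GRE source/destination lookups use FRONT.
 tunnel vrf FRONT
```

`show ip route`, `show ip route vrf OVERLAY` and `show ip route vrf FRONT` should then list the LAN prefix, the tunnel prefix and the WAN default route in three separate tables. Passing traffic between the LAN and the overlay still needs NAT or route leaking between those tables, which this example does not configure.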


2 Replies

Hey,

Thanks for your help. I'll start looking into VRF. Thanks.