Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1251
Views
0
Helpful
2
Replies

Overlapping DMVPN tunnel network and local networks

Go to solution
brb719648
Level 1
Level 1

‎04-03-2017 01:46 PM - edited ‎02-21-2020 09:14 PM

I am designing a VPN solution for our company and believe that DMVPN is the best solution.  This configuration would allow an easier to manage vpn configuration on the spokes and on the hub\s.  In my testing I intentionally built scenarios that would result in overlapping ip spaces on the spokes.  Using NAT I was still able to get traffic to flow to the correct locations.  What I haven't been able to deal with is when the IP space of the local spoke is in the same subnet space as the DMVPN cloud.  These VPNs will connect to possibly thousands of clients with every manner of local networks configured.  I am trying to design a solution that is tolerant of overlapping networks in as many ways as possible.  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
eduardopozo56
Level 1
Level 1

‎04-04-2017 12:52 AM

Hi,

If by the "DMVPN" cloud you are referring to the actual tunnel interfaces IP address, you can use a VRF to have the tunnel´s ip address on an isolated routing table from the actual LAN, this would allow you to haver overlapping addressing between the DMVPN cloud (WAN) and the actual LAN:

Look on Cisco documentation for the "tunnel VRF" command. This applies the VRF only to the tunnel interface itself (tunnel source/destination). or using a VRF directly on the tunnel interface (using the vrf forwarding, not the tunnel vrf command) would put your WAN interface on a vrf but your actual tunnel outside of that vrf (on the global routing table)

You can also google from "DMVPN front door vrf", there are many useful blog posts on this subject.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
eduardopozo56
Level 1
Level 1

‎04-04-2017 12:52 AM

Hi,

If by the "DMVPN" cloud you are referring to the actual tunnel interfaces IP address, you can use a VRF to have the tunnel´s ip address on an isolated routing table from the actual LAN, this would allow you to haver overlapping addressing between the DMVPN cloud (WAN) and the actual LAN:

Look on Cisco documentation for the "tunnel VRF" command. This applies the VRF only to the tunnel interface itself (tunnel source/destination). or using a VRF directly on the tunnel interface (using the vrf forwarding, not the tunnel vrf command) would put your WAN interface on a vrf but your actual tunnel outside of that vrf (on the global routing table)

You can also google from "DMVPN front door vrf", there are many useful blog posts on this subject.

0 Helpful

Go to solution
brb719648
Level 1
Level 1
In response to eduardopozo56

‎04-04-2017 07:18 AM

Hey,

Thanks for your help.  I'll start looking into VRF.  Thanks

0 Helpful
Customers Also Viewed These Support Documents