Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
792
Views
3
Helpful
4
Replies

"Sharing IPsec with Tunnel Protection required in some DMVPN configs"

Go to solution
MicJameson1
VIP Alumni
VIP Alumni

‎05-25-2023 08:30 AM

Hello tech gods upon giant marble thrones atop mount Olympus.

Sharing IPSec with Tunnel Protection  [Support] - Cisco Systems

I am configuring a new DMVPN architecture. Because there are so many caveats to using shared IPsec with tunnel protection (as can be read in above link, my default is to not use this shared tunnel protection technology. I really don't see significant upside to the feature.

Near the beginning of text in above link, it states "Sharing IPsec with Tunnel Protection feature is required in some DMVPN configurations."

QUESTION: Specifically what are the "some" configurations that "Sharing IPsec with Tunnel Protection feature is required in some DMVPN configurations." refers to?

Thank you.

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to MicJameson1

‎05-25-2023 11:13 AM

@MicJameson1 shared is required if you use the same physical interface as the tunnel source and ipsec profile for multiple mGRE tunnel interfaces.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎05-25-2023 08:39 AM

@MicJameson1

"The tunnel protection IPsec profile shared command is used to create a single IPsec SADB for all the tunnel interfaces that use the same profile and tunnel source interface"

How many source interfaces (WAN/Internet etc) do you have, if one interface you don't need to use "shared".

 

 

Go to solution
MicJameson1
VIP Alumni
VIP Alumni
In response to Rob Ingram

‎05-25-2023 11:03 AM

I have not yet decided if I will use mor ethan 1 interface.

The essence of the question was what are any instances in which "shared" is required. Are there any "shared" required instances-- I cannot erect my topology without using "shared"?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to MicJameson1

‎05-25-2023 11:13 AM

@MicJameson1 shared is required if you use the same physical interface as the tunnel source and ipsec profile for multiple mGRE tunnel interfaces.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-25-2023 09:07 AM

let see 
if you use in Spoke with dual hub (two tunnel) if you loss interface then you loss connection to both hub so it useless in spoke side 
if you use it in Hub BUT one hub is primary and other is backup and the spoke is register to backup hub not to primary here you can use one interface with shared and two tunnel 

Customers Also Viewed These Support Documents