Cisco IOS – Configuring DMVPN Spoke Router in Full Mesh IPsec VPN Using SDM

Configuring DMVPN Spoke Router in Full Mesh IPsec VPN Using SDM [IPSec Negotiation/IKE Protocols] – Cisco Systems.

FULL MESH DMVPN BENEFITS

Automatic IPsec Encryption Initiation

GRE has the peer source and destination addresses either configured or resolved with NHRP. This feature therefore allows IPsec to be triggered immediately for point-to-point GRE tunneling, or as soon as the GRE peer address is resolved via NHRP for a multipoint GRE tunnel.

Support for Dynamically Addressed Spoke Routers

When using point-to-point GRE and IPsec hub-and-spoke VPN networks, the physical interface IP address of each spoke router must be known in order to configure the hub router, because that IP address should be configured as the GRE tunnel destination address. This feature allows spoke routers to have dynamic physical interface IP addresses (common for cable and DSL connections). When the spoke router comes online, it sends registration packets to the hub router. These registration packets contain the current physical interface IP address of the spoke.

Dynamic Tunnel Creation for Spoke-to-Spoke Tunnels

This feature eliminates the need for spoke-to-spoke configuration to enable direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPsec tunnel between them, so the data can be transferred directly.

This configuration uses SDM version 1.2. The wizard in SDM version 1.2 supports only hub-and-spoke DMVPN configuration. This configuration guide therefore first configures the spoke in hub-and-spoke mode only, and then modifies the spoke configuration using the advanced mode to enable the full mesh DMVPN configuration on the spoke.

Although the spoke can be configured directly from the advanced mode, configuring the spoke in the wizard mode ensures the creation of policies and additional configuration checks.
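
For orientation, the sketch below shows what a full mesh spoke looks like at the IOS CLI level. It is an added illustration, not SDM output and not taken from the Cisco document. All addresses (documentation ranges), interface names, profile names, key placeholders and cipher choices are assumptions to be adapted to your IOS release and policy.

```ios
! Constructed example. Hub public address 192.0.2.1, hub tunnel address 10.10.10.1.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
!
! Spoke-to-spoke peers are not known in advance, so pre-shared key
! authentication needs a wildcard key: any device holding the key can
! authenticate. Certificate-based IKE authentication avoids this.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROFILE
 set transform-set DMVPN-TS
!
interface Tunnel0
 ip address 10.10.10.2 255.255.255.0
 ip mtu 1400
 ! NHRP: static mapping to the hub, which acts as next-hop server (NHS).
 ! The spoke registers its current physical address with the hub.
 ip nhrp authentication <NHRP-KEY>
 ip nhrp map 10.10.10.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ip nhrp network-id 100
 ip nhrp nhs 10.10.10.1
 ip nhrp holdtime 300
 ! The physical interface may be dynamically addressed (cable/DSL).
 tunnel source FastEthernet0/0
 tunnel key 100
 ! Hub-and-spoke only: point-to-point GRE toward the hub, i.e.
 !   tunnel destination 192.0.2.1
 ! Full mesh: multipoint GRE, so the destination of a spoke-to-spoke
 ! tunnel is resolved through NHRP instead of being configured.
 tunnel mode gre multipoint
 ! IPsec is triggered as soon as the GRE peer address is known.
 tunnel protection ipsec profile DMVPN-PROFILE
```

Once applied, `show ip nhrp` should list the hub as a static mapping and other spokes as dynamic entries after traffic has flowed between them, and `show crypto isakmp sa` should show a security association for each active peer.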