Cisco – DMVPN Tutorial

DMVPN Tutorial


 

.

 

 

HUB

interface Tunnel0
ip address 10.1.1.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 192.168.1.100
tunnel mode gre multipoint
ip mtu 1416

ROUTER 2

interface Tunnel0
ip address 10.1.1.2 255.255.255.0
ip nhrp map 10.1.1.1 192.168.1.100
ip nhrp map multicast 192.168.1.100
ip nhrp network-id 1
ip nhrp nhs 10.1.1.1
tunnel source 192.168.2.2
tunnel mode gre multipoint
ip mtu 1416

ROUTER 3

interface Tunnel0
ip address 10.1.1.3 255.255.255.0
ip nhrp map 10.1.1.1 192.168.1.100
ip nhrp map multicast 192.168.1.100
ip nhrp network-id 1
ip nhrp nhs 10.1.1.1
tunnel source 192.168.3.3
tunnel mode gre multipoint
ip mtu 1416

ROUTER 4

interface Tunnel0
ip address 10.1.1.4 255.255.255.0
ip nhrp map 10.1.1.1 192.168.1.100
ip nhrp map multicast 192.168.1.100
ip nhrp network-id 1
ip nhrp nhs 10.1.1.1
tunnel source 192.168.4.4
tunnel mode gre multipoint
ip mtu 1416

IPSEC

Next we will need to add IPSEC, this will ensure that traffic is not sent in clear text. This configuration should be added to each router apart from router 1.

crypto isakmp policy 10
hash md5
encryption 3des
authentication pre-share

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform MINE esp-3des

crypto ipsec profile DMVPN
set transform-set MINE

interface tunnel0
tunnel protection ipsec  profile DMVPN

DYNAMIC ROUTING

To enable dynamic routing using EIGRP add the following configuration onto each of your routers excluding router 1.

interface tunnel0
ip hold-time eigrp 1 35
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1

router eigrp 1
network 192.168.0.0
network 172.16.0.0
network 10.0.0.0
no auto-summary

TESTING / DIAGNOSTICS

NHRP TUNNELS

HUB#sh dmvpn
Legend: Attrb –> S – Static, D – Dynamic, I – Incompletea
N – NATed, L – Local, X – No Socket
# Ent –> Number of NHRP entries with same NBMA peerTunnel0, Type:Hub, NHRP Peers:2,
# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
—– ————— ————— —– ——– —–
1     192.168.2.2        10.1.1.2    UP    never D
1     192.168.3.3        10.1.1.3    UP    never D
1     192.168.4.4        10.1.1.4    UP    never D

EIGRP

HUB#sh ip route
! Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
D    172.16.2.0 [90/297372416] via 10.1.1.2, 00:02:02, Tunnel0
D    172.16.3.0 [90/297372416] via 10.1.1.3, 00:00:42, Tunnel0
D    172.16.4.0 [90/297372416] via 10.1.1.4, 00:00:42, Tunnel0S    192.168.4.0/24 [1/0] via 192.168.1.1
10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Tunnel0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S    192.168.2.0/24 [1/0] via 192.168.1.1
S    192.168.3.0/24 [1/0] via 192.168.1.1

 

References:

 

This entry was posted in Cisco, DMVPN. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s