DMVPN Intricacies

Hello all,

So in preparation for learning the VPNs for v5, I have started with L2TPv3 and DMVPN. I am pretty good at configuring both of these from scratch; however, what I keep thinking about is how much detail Cisco is going to test on. I know no one knows this now, but what little things are there that they can throw into this design that could shake things up?

I've mainly been studying a single-hub design, as that's what will be tested. Just looking for the little tweaks that could possibly be introduced.

Below are my configs for anyone looking and just starting to study DMVPN. This should help you in getting started with labbing.

 

HUB CONFIGURATION

crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2

crypto isakmp key cisco address 0.0.0.0 0.0.0.0

crypto ipsec transform-set MYSET esp-aes esp-sha-hmac


crypto ipsec profile MY_PROFILE
 set transform-set MYSET


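interface tunnel0
 bandwidth 1000
 ! Let EIGRP re-advertise spoke routes back out the same tunnel interface
 no ip split-horizon eigrp 1
 ! Keep the originating spoke as next hop instead of rewriting it to the hub
 no ip next-hop-self eigrp 1
 ip address <PRIVATE TUNNEL ADDRESS>
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication cisco
 ! Replicate multicast (EIGRP hellos) to every spoke that registers
 ip nhrp map multicast dynamic
 ip nhrp network-id 5
 tunnel source <PUBLIC INTERFACE>
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROFILE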
 

router eigrp 1
 no auto-summary
 network 10.0.0.0

-----------------------------------------------------
SPOKE CONFIGURATION


crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2

crypto isakmp key cisco address 0.0.0.0 0.0.0.0

crypto ipsec transform-set MYSET esp-aes esp-sha-hmac

crypto ipsec profile MY_PROFILE
 set transform-set MYSET

interface tunnel 0
 bandwidth 1000
 ip address <PRIVATE TUNNEL ADDRESS>
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication cisco
 ! Send multicast (EIGRP hellos) to the hub's public address
 ip nhrp map multicast <PUBLIC IP ADDRESS OF HUB>
 ! Register with the hub as next-hop server
 ip nhrp nhs <PRIVATE TUNNEL ADDRESS OF HUB>
 ! Static mapping of the hub's tunnel address to its public address
 ip nhrp map <PRIVATE TUNNEL ADDRESS OF HUB> <PUBLIC IP ADDRESS OF HUB>
 ip nhrp network-id 5
 tunnel source <PUBLIC INTERFACE>
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROFILE

router eigrp 1
 no auto-summary
 network 10.0.0.0
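
Added example, not part of the original post: a small Python check that a hub and spoke agree on the settings both ends must share (IKE policy, pre-shared key, transform set, NHRP authentication, tunnel key) and that flags the wildcard pre-shared key and DH group 2 used in this lab. The sample configs are constructed from the ones above with a deliberate tunnel key mismatch, and the function names are illustrative.

```python
import re

# Constructed sample: trimmed from the hub config above. The spoke copy gets a
# deliberate tunnel key mismatch and a different (locally significant) network-id.
HUB = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
interface tunnel0
 ip nhrp authentication cisco
 ip nhrp network-id 5
 tunnel key 6
"""
SPOKE = HUB.replace("tunnel key 6", "tunnel key 7").replace("network-id 5", "network-id 9")

# Settings that must be identical on both ends; NHRP network-id is not one of them.
MUST_MATCH = {
    "ike_encr": r"^ +encr(?:yption)? (.+)$",
    "ike_group": r"^ +group (\d+)",
    "psk": r"^crypto isakmp key (\S+) address",
    "transform": r"^crypto ipsec transform-set \S+ (.+)$",
    "nhrp_auth": r"^ +ip nhrp authentication (\S+)",
    "tunnel_key": r"^ +tunnel key (\d+)",
}

def extract(cfg):
    """Return {setting: value or None} for each MUST_MATCH pattern."""
    out = {}
    for name, pat in MUST_MATCH.items():
        m = re.search(pat, cfg, re.M)
        out[name] = m.group(1).strip() if m else None
    return out

def mismatches(hub, spoke):
    """Names of shared settings whose values differ between hub and spoke."""
    h, s = extract(hub), extract(spoke)
    return sorted(k for k in MUST_MATCH if h[k] != s[k])

def weak_settings(cfg):
    """Flag a pre-shared key valid for any peer and 768/1024/1536-bit DH groups."""
    findings = []
    if re.search(r"^crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?\s*$", cfg, re.M):
        findings.append("wildcard-psk")
    if extract(cfg)["ike_group"] in {"1", "2", "5"}:
        findings.append("weak-dh-group")
    return findings
```

On the constructed pair, `mismatches(HUB, SPOKE)` reports only the tunnel key, even though the network-id also differs, and `weak_settings(HUB)` reports both findings.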
