CONFIGURING DYNAMIC MULTIPOINT VPN

All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

SOLUTION OVERVIEW

CONFIGURING DYNAMIC MULTIPOINT VPN WITH ON-DEMAND ROUTING

OVERVIEW

This document provides a sample configuration for On-Demand Routing (ODR) with Dynamic Multipoint VPN (DMVPN) in a hub-to-spoke configuration. The DMVPN feature simplifies the hub router IPsec configuration and supports dynamic IP addresses at the spoke router. DMVPN combines Generic Routing Encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). It provides IP routing for remote sites while minimizing the overhead on the network devices.

This sample configuration also allows load balancing with dual ODR hub routers, failover to a single hub when a hub router fails, and recovery when the failed hub router is restored.

Figure 1. Network Diagram

PREREQUISITES

The sample configuration is based on the following assumptions:

- Public IP addresses for the hub routers (10.0.149.221 and 10.0.149.220)
- DMVPN networks for the tunnel interfaces on the two hubs are 192.168.1.0/24 and 192.168.2.0/24
- Spoke router can use static IP or dynamic IP addresses
- Example uses Enhanced Interior Gateway Routing Protocol (EIGRP) as its dynamic routing protocol
- Example uses pre-shared keys for authentication
- Disabled split tunneling for the spoke router; this allows the Internet traffic to go through the hub only

LIMITATIONS

This guide provides the DMVPN configuration, but does not cover the following configuration:

- Full router security audit: run a Security Device Manager (SDM) security audit in the wizard mode to lock down and secure the router.
- Initial router configuration step: full configuration is shown in the following section.
- This configuration guide uses private addresses only. When using private addresses and connecting to the Internet, an appropriate Network Address Translation (NAT) or Port Address Translation (PAT) configuration is required to provide connectivity over the Internet.
- ODR provides only a default route to the spoke; the configuration supports a hub-and-spoke topology with no split tunneling.

PRECAUTIONS

Before configurations are made to any router, confirm the following:

- The spoke router can reach the DMVPN hub directly over the Internet.
- The DMVPN hub is configured and operational.

COMPONENTS

- Cisco IOS Software Release 12.3(11)T3(fc2)
- Cisco 831, 1751, 3725 and 3745 Routers

Figure 1 illustrates the network for the sample configuration.

The information presented in this document was created from devices in a specific lab environment. All devices started with a cleared (default)