Dynamic Multipoint VPN (DMVPN)
Dynamic Multipoint VPN (DMVPN) is Cisco's answer to the growing demand from enterprises to connect branch offices to head offices and to each other while keeping costs low, minimizing configuration complexity and increasing flexibility. With DMVPN, one central router, usually placed at the head office, takes the role of the Hub, while all other branch routers are Spokes that connect to the Hub router so the branch offices can access the company's resources.
Fig 1: Dynamic Multipoint VPN (DMVPN)
R1 Configurations
interface FastEthernet0/0
 description LAN-Network
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN-Network
 ip address 1.1.1.10 255.255.255.0
 duplex auto
 speed auto
!
interface Tunnel0
 description mGRE - DMVPN Tunnel
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 ip nhrp authentication networkeducative
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 1.1.1.10
 tunnel mode gre multipoint
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
crypto isakmp key networkeducative address 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto ipsec profile protect-gre
 set security-association lifetime seconds 86400
 set transform-set TS
!
interface Tunnel 0
 tunnel protection ipsec profile protect-gre
!
ip route 192.168.2.0 255.255.255.0 172.16.0.2
ip route 192.168.3.0 255.255.255.0 172.16.0.3
R2 Configurations
interface FastEthernet0/0
 description LAN-Network
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN-Network
 ip address 2.2.2.10 255.255.255.0
 duplex auto
 speed auto
!
interface Tunnel0
 description R2 mGRE - DMVPN Tunnel
 ip address 172.16.0.2 255.255.255.0
 no ip redirects
 ip nhrp authentication networkeducative
 ip nhrp map multicast dynamic
 ip nhrp map 172.16.0.1 1.1.1.10
 ip nhrp map multicast 1.1.1.10
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.1
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
crypto isakmp key networkeducative address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto ipsec profile protect-gre
 set security-association lifetime seconds 86400
 set transform-set TS
!
interface Tunnel 0
 tunnel protection ipsec profile protect-gre
!
ip route 192.168.1.0 255.255.255.0 172.16.0.1
ip route 192.168.3.0 255.255.255.0 172.16.0.3
R3 Configurations
interface FastEthernet0/0
 description LAN-Network
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN-Network
 ip address 3.3.3.10 255.255.255.0
 duplex auto
 speed auto
!
interface Tunnel0
 description R3 mGRE - DMVPN Tunnel
 ip address 172.16.0.3 255.255.255.0
 no ip redirects
 ip nhrp authentication networkeducative
 ip nhrp map multicast dynamic
 ip nhrp map 172.16.0.1 1.1.1.10
 ip nhrp map multicast 1.1.1.10
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.1
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
crypto isakmp key networkeducative address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto ipsec profile protect-gre
 set security-association lifetime seconds 86400
 set transform-set TS
!
interface Tunnel 0
 tunnel protection ipsec profile protect-gre
!
ip route 192.168.1.0 255.255.255.0 172.16.0.1
ip route 192.168.2.0 255.255.255.0 172.16.0.2
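
All three routers above share the same IKE policy, transform set and pre-shared key. As an added example (not part of the original post), this Python script scans an IOS configuration for the settings in that crypto block that are now considered weak: 3DES, MD5, small Diffie-Hellman groups, and a pre-shared key bound to address 0.0.0.0. The weak-value lists, the `audit` function name and the sample key are assumptions of the example.

```python
# Constructed sample in the style of the crypto block above; the key is a placeholder.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

# Assumption: these lists are this example's own audit policy, not a Cisco-defined set.
WEAK_POLICY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def audit(config):
    """Return (line_number, finding) tuples for weak IKE/IPsec settings."""
    findings, section = [], ""
    for num, raw in enumerate(config.splitlines(), 1):
        line, words = raw.strip(), raw.split()
        indented = raw.startswith(" ")
        if not indented:
            section = line                      # a top-level line opens a new section
        if not words or words[0] == "!":
            continue
        if indented and section.startswith("crypto isakmp policy"):
            value = words[1] if len(words) > 1 else ""
            if value in WEAK_POLICY.get(words[0], ()):
                findings.append((num, f"weak IKE {words[0]}: {value}"))
        elif line.startswith("crypto ipsec transform-set"):
            for transform in words[4:]:         # words[3] is the transform-set name
                if transform in WEAK_TRANSFORMS:
                    findings.append((num, f"weak transform: {transform}"))
        elif line.startswith("crypto isakmp key") and "address" in words[4:]:
            peer = words[words.index("address", 4) + 1:]
            if peer and peer[0] == "0.0.0.0":   # key is accepted from any peer address
                findings.append((num, "wildcard pre-shared key"))
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print(f"line {num}: {finding}")
```

IOS omits settings left at their defaults from the running configuration, so an empty result for a policy that has no `encr`, `hash` or `group` line says nothing about its strength.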