Filter
Top Products
All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 16
SOLUTION OVERVIEW
CONFIGURING DYNAMIC MULTIPOINT VPN
WITH ON-DEMAND ROUTING
OVERVIEW
This document provides a sample configuration for configuring On-Demand Routing (ODR) with Dynamic Multipoint VPN (DMVPN) in hub to
spoke configuration. The DMVPN feature simplifies the hub router IPsec configuration and supports dynamic IP addresses at the spoke router.
DMVPN combines Generic Routing Encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). It provides IP
routing for remote sites, while minimizing the overhead on the network devices. This sample configuration also allows load balancing with dual
ODR hub routers, failover to a single hub when a hub router fails, and the recovery from a hub router failure when it is recovered.
Figure 1. Network Diagram
PREREQUISITES
The sample configuration is based on the following assumptions:
• Public IP addresses for the hub routers (10.0.149.221 and 10.0.149.220)
• DMVPN network for tunnel interface on both hubs are 192.168.1.0/24 and 192.168.2.0/24
• Spoke router can use static IP or dynamic IP addresses
• Example uses Enhanced Interior Gateway Routing Protocol (EIGRP) as its dynamic routing protocol
• Example uses pre-shared keys for authentication
• Disabled split tunneling for the spoke router; this allows the Internet traffic to go through the hub only
LIMITATIONS
This guide provides the DMPVN configuration, but does not cover the following configuration:
• Full router security audit: run a Security Device Manager (SDM) security audit in the wizard mode to lock down and secure the router.
• Initial router configuration step: full configuration is shown in the following section.