Official Lammle User Forum

  1. #1
    Join Date
    Jul 2008
    Posts
    211

    Help with DMVPN?

    Hi Everybody,

    I'm trying to configure a dynamic multipoint VPN without much success. I tried using the config in the SNRS Quick Reference guide first, but it had lots of mistakes and omissions. Next, I tried Cisco's document and that's where I am currently.

    It could just be that I'm trying to do this in GNS3, but a point-to-point GRE worked fine. Any thoughts?

    Here are the configs:

    Hub:

    Current configuration : 3190 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname vpngw
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    ip cef
    !
    !
    !
    !
    ip domain name greg.com
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !

    !
    archive
    log config
    hidekeys
    !
    !
    crypto isakmp policy 100
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
    mode transport
    !
    crypto ipsec profile MYVPN
    set transform-set MYSET
    !
    !
    !
    !
    !
    !
    !
    !
    interface Tunnel0
    ip address 192.168.1.1 255.255.255.0
    no ip redirects
    ip nhrp authentication MYAUTH
    ip nhrp map multicast dynamic
    ip nhrp network-id 100
    ip nhrp holdtime 300
    no ip split-horizon eigrp 100
    tunnel source FastEthernet0/1
    tunnel mode gre multipoint
    tunnel key 100
    tunnel protection ipsec profile MYVPN
    !
    interface FastEthernet0/0
    ip address 10.0.0.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 10.1.1.1 255.255.255.0
    duplex auto
    speed auto
    !
    router eigrp 100
    network 10.0.0.0 0.0.0.255
    network 192.168.1.0
    no auto-summary
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password g0ph3r
    login
    transport input telnet
    line vty 5 1340
    password g0ph3r
    login
    transport input telnet
    !
    !
    end

    Spoke:

    Current configuration : 1506 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname vpnspoke
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    ip cef
    !
    !
    !
    !
    ip domain name greg.com
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    crypto isakmp policy 100
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
    mode transport
    !
    crypto ipsec profile MYVPN
    set transform-set MYSET
    !
    !
    !
    !
    !
    !
    !
    !
    interface Tunnel0
    ip address 192.168.1.2 255.255.255.0
    no ip redirects
    ip nhrp authentication MYAUTH
    ip nhrp map multicast dynamic
    ip nhrp map 192.168.1.1 10.1.1.1
    ip nhrp network-id 100
    ip nhrp holdtime 300
    ip nhrp nhs 10.1.1.1
    no ip split-horizon eigrp 100
    tunnel source FastEthernet0/1
    tunnel mode gre multipoint
    tunnel key 100
    tunnel protection ipsec profile MYVPN
    !
    interface FastEthernet0/0
    ip address 10.2.2.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 10.1.1.2 255.255.255.0
    duplex auto
    speed auto
    !
    router eigrp 100
    network 10.2.2.0 0.0.0.255
    network 192.168.1.0
    no auto-summary
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
    ip route 10.3.3.0 255.255.255.0 Tunnel0
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    login
    !
    !
    end

    Spoke2:

    Current configuration : 1504 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname spoke2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    ip cef
    !
    !
    !
    !
    ip domain name greg.com
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    crypto isakmp policy 100
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
    mode transport
    !
    crypto ipsec profile MYVPN
    set transform-set MYSET
    !
    !
    !
    !
    !
    !
    !
    !
    interface Tunnel0
    ip address 192.168.1.3 255.255.255.0
    no ip redirects
    ip nhrp authentication MYAUTH
    ip nhrp map multicast dynamic
    ip nhrp map 192.168.1.1 10.1.1.1
    ip nhrp network-id 100
    ip nhrp holdtime 300
    ip nhrp nhs 10.1.1.1
    no ip split-horizon eigrp 100
    tunnel source FastEthernet0/1
    tunnel mode gre multipoint
    tunnel key 100
    tunnel protection ipsec profile MYVPN
    !
    interface FastEthernet0/0
    ip address 10.3.3.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 10.1.1.3 255.255.255.0
    duplex auto
    speed auto
    !
    router eigrp 100
    network 10.3.3.0 0.0.0.255
    network 192.168.1.0
    no auto-summary
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
    ip route 10.2.2.0 255.255.255.0 Tunnel0
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    login
    !
    !
    end

  2. #2
    Join Date
    Jul 2008
    Posts
    211

    Never mind. Solved it. Three things:

    1. Changed "ip nhrp map multicast dynamic" to "ip nhrp map multicast <hub router physical addr>".
    2. Changed "ip nhrp nhs <hub physical address>" to "ip nhrp nhs <hub tunnel address>"
    3. Not sure whether to do this or not, but changed "ip next-hop-self eigrp 100" to "no ip next-hop-self eigrp 100"

    Now the dynamic tunnel is created when moving data between one spoke network and another.
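
A check for the two NHRP mistakes fixed in the reply above, as an added example that is not part of the original posts: it reads a spoke tunnel stanza and flags an `ip nhrp nhs` that is not a tunnel-subnet address with a static map, and a multicast map that does not point at a mapped physical (NBMA) address. The function name and the trimmed sample stanzas are assumptions constructed from the spoke config posted in #1.

```python
import ipaddress
import re

# Constructed sample: the spoke Tunnel0 stanza from post #1, trimmed to NHRP lines.
SPOKE_BEFORE = """\
interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 ip nhrp map multicast dynamic
 ip nhrp map 192.168.1.1 10.1.1.1
 ip nhrp nhs 10.1.1.1
 tunnel source FastEthernet0/1
"""
# The same stanza with changes 1 and 2 from post #2 applied.
SPOKE_AFTER = SPOKE_BEFORE.replace(
    "map multicast dynamic", "map multicast 10.1.1.1"
).replace("nhrp nhs 10.1.1.1", "nhrp nhs 192.168.1.1")


def check_spoke_nhrp(stanza):
    """Return a list of NHRP consistency findings for a spoke tunnel stanza."""
    findings = []
    m = re.search(r"^\s*ip address (\S+) (\S+)", stanza, re.M)
    if not m:
        return ["no tunnel ip address"]
    tunnel_net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    # Static maps: tunnel (protocol) address -> NBMA (physical) address.
    static = dict(re.findall(r"^\s*ip nhrp map (\d\S*) (\d\S*)", stanza, re.M))
    nbma_addrs = set(static.values())
    for nhs in re.findall(r"^\s*ip nhrp nhs (\S+)", stanza, re.M):
        if ipaddress.ip_address(nhs) not in tunnel_net:
            findings.append(f"nhs {nhs} is not in tunnel subnet {tunnel_net}")
        elif nhs not in static:
            findings.append(f"nhs {nhs} has no static 'ip nhrp map' entry")
    for target in re.findall(r"^\s*ip nhrp map multicast (\S+)", stanza, re.M):
        if target == "dynamic":
            findings.append("multicast map is 'dynamic' on a spoke")
        elif target not in nbma_addrs:
            findings.append(f"multicast target {target} is not a mapped NBMA address")
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", SPOKE_BEFORE), ("after", SPOKE_AFTER)):
        print(name, check_spoke_nhrp(cfg))
```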
