Line 211: |
Line 211: |
| <b>Step 1</b>: enable '''BGP''' and configure General section: | | <b>Step 1</b>: enable '''BGP''' and configure General section: |
| | | |
− | - Enable vty
| + | 1. Enable vty |
| | | |
− | - Set AS to 65001
| + | 2. Set AS to 65001 |
| | | |
− | - Set Network to 192.168.10.0/24
| + | 3. Set Network to 192.168.10.0/24 |
| | | |
| <br>[[File:Spoke bgp.png|alt=|border]] | | <br>[[File:Spoke bgp.png|alt=|border]] |
Line 241: |
Line 241: |
| 2. Select Tunnel source (this is the egress interface, which will be able to reach the hub device's public IP address over the internet) | | 2. Select Tunnel source (this is the egress interface, which will be able to reach the hub device's public IP address over the internet) |
| | | |
− | 3. Add Local GRE interface IP address (this is the GRE IP address of "Spoke 2". It should be unique in the entire VPN network) | + | 3. Add Local GRE interface IP address (this is the GRE IP address of "Spoke 2". It should be unique in the entire VPN network) |
| | | |
− | 4. Add Remote GRE interface IP address (this is the GRE IP address of the previously configured hub device) | + | 4. Add Remote GRE interface IP address (this is the GRE IP address of the previously configured hub device) |
| | | |
− | 5. Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") | + | 5. Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") |
| | | |
| 6. Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) | | 6. Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) |
Line 255: |
Line 255: |
| <b>Step 2</b>: configure '''DMVPN Phase 1''' parameters: | | <b>Step 2</b>: configure '''DMVPN Phase 1''' parameters: |
| | | |
− | - Select Encryption algorithm - AES 128
| + | 1. Select Encryption algorithm - AES 128 |
| | | |
− | - Select Authentication SHA256
| + | 2. Select Authentication SHA256 |
| | | |
− | - Select DH group MODP3072
| + | 3. Select DH group MODP3072 |
| | | |
| <br>[[File:Hub phase1.png|alt=spoke phase1|border]] | | <br>[[File:Hub phase1.png|alt=spoke phase1|border]] |
Line 265: |
Line 265: |
| <b>Step 3</b>: configure '''DMVPN Phase 2''' parameters: | | <b>Step 3</b>: configure '''DMVPN Phase 2''' parameters: |
| | | |
− | - Select Encryption algorithm AES 128
| + | 1. Select Encryption algorithm AES 128 |
| | | |
− | - Select Hash algorithm SHA256
| + | 2. Select Hash algorithm SHA256 |
| | | |
− | - Select PFS group MODP3072
| + | 3. Select PFS group MODP3072 |
| | | |
| <br>[[File:Hub phase2 fix.png|alt=spoke phase2|border]] | | <br>[[File:Hub phase2 fix.png|alt=spoke phase2|border]] |
Line 291: |
Line 291: |
| <b>Step 1</b>: enable '''BGP''' and configure General section: | | <b>Step 1</b>: enable '''BGP''' and configure General section: |
| | | |
− | - Enable vty
| + | 1. Enable vty |
| | | |
− | - Set AS to 65002
| + | 2. Set AS to 65002 |
| | | |
− | - Set Network to 192.168.20.0/24
| + | 3. Set Network to 192.168.20.0/24 |
| | | |
| <br>[[File:Spoke2 bgp peer.png|alt=|border]] | | <br>[[File:Spoke2 bgp peer.png|alt=|border]] |