Line 23: |
Line 23: |
| | | |
| <ul> | | <ul> |
− | <li>2 Teltonika Routers for SPOKES</li> | + | <li>2 Teltonika Routers for '''SPOKES'''</li> |
− | <li>1 Teltonika Router for HUB with a public IP address</li> | + | <li>1 Teltonika Router for '''HUB''' with a public IP address</li> |
| <li>A PC to configure the routers</li> | | <li>A PC to configure the routers</li> |
| </ul> | | </ul> |
Line 65: |
Line 65: |
| <br>[[File:HUB main.png|alt=|border]] | | <br>[[File:HUB main.png|alt=|border]] |
| ---- | | ---- |
− | <b>Step 2</b>: configure DMVPN Phase 1 parameters: | + | <b>Step 2</b>: configure '''DMVPN Phase 1''' parameters: |
| | | |
| 1. Encryption algorithm - AES 128 | | 1. Encryption algorithm - AES 128 |
Line 75: |
Line 75: |
| <br>[[File:Hub phase1.png|alt=|border]] | | <br>[[File:Hub phase1.png|alt=|border]] |
| ---- | | ---- |
− | <b>Step 3</b>: configure DMVPN Phase 2 parameters: | + | <b>Step 3</b>: configure '''DMVPN Phase 2''' parameters: |
| | | |
| 1. Encryption algorithm - AES 128 | | 1. Encryption algorithm - AES 128 |
Line 85: |
Line 85: |
| <br>[[File:Hub phase2 fix.png|alt=|border]] | | <br>[[File:Hub phase2 fix.png|alt=|border]] |
| ---- | | ---- |
− | <b>Step 4</b>: configure DMVPN NHRP parameters: | + | <b>Step 4</b>: configure '''DMVPN NHRP''' parameters: |
| | | |
| In the NHRP parameters section, it is important to enable '''REDIRECT''' option, which is essential to our Phase 3 configuration. | | In the NHRP parameters section, it is important to enable '''REDIRECT''' option, which is essential to our Phase 3 configuration. |
Line 97: |
Line 97: |
| Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | | Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. |
| | | |
− | <b>Step 1</b>: enable BGP and configure General section: | + | <b>Step 1</b>: enable '''BGP''' and configure General section: |
| | | |
| 1. Enable vty | | 1. Enable vty |
Line 113: |
Line 113: |
| | | |
| | | |
− | <b>Step 2</b>: Create BGP Peer Group: | + | <b>Step 2</b>: Create '''BGP''' Peer Group: |
| | | |
| - Add a Neighbor address for SPOKE 1 and SPOKE 2 (We used 10.0.0.1 and 10.0.0.2 which will be in the same subnet as our hub 10.0.0.254) | | - Add a Neighbor address for SPOKE 1 and SPOKE 2 (We used 10.0.0.1 and 10.0.0.2 which will be in the same subnet as our hub 10.0.0.254) |
Line 123: |
Line 123: |
| | | |
| | | |
− | <b>Step 3</b>: Add two BGP peers for each spoke: | + | <b>Step 3</b>: Add two '''BGP''' peers for each spoke: |
| | | |
| Now let's create BGP peers for Spokes on the same page. Add two new BGP peers with the following parameters: | | Now let's create BGP peers for Spokes on the same page. Add two new BGP peers with the following parameters: |
Line 171: |
Line 171: |
| | | |
| | | |
− | <b>Step 2</b>: configure DMVPN Phase 1 parameters: | + | <b>Step 2</b>: configure '''DMVPN''' '''Phase 1''' parameters: |
| | | |
| 1. Select the Encryption algorithm - AES 128 | | 1. Select the Encryption algorithm - AES 128 |
Line 183: |
Line 183: |
| | | |
| | | |
− | <b>Step 3</b>: configure DMVPN Phase 2 parameters: | + | <b>Step 3</b>: configure '''DMVPN Phase 2''' parameters: |
| | | |
| 1. Select the Encryption algorithm AES 128 | | 1. Select the Encryption algorithm AES 128 |
Line 195: |
Line 195: |
| | | |
| | | |
− | <b>Step 4</b>: configure DMVPN NHRP parameters: | + | <b>Step 4</b>: configure '''DMVPN NHRP''' parameters: |
| | | |
| - In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration. | | - In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration. |
Line 209: |
Line 209: |
| Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | | Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. |
| | | |
− | <b>Step 1</b>: enable BGP and configure General section: | + | <b>Step 1</b>: enable '''BGP''' and configure General section: |
| | | |
| - Enable vty | | - Enable vty |
Line 221: |
Line 221: |
| | | |
| | | |
− | <b>Step 2</b>: Create BGP Peer: | + | <b>Step 2</b>: Create '''BGP''' Peer: |
| | | |
| - Set Remote AS to 65000 | | - Set Remote AS to 65000 |
Line 253: |
Line 253: |
| | | |
| | | |
− | <b>Step 2</b>: configure DMVPN Phase 1 parameters: | + | <b>Step 2</b>: configure '''DMVPN Phase 1''' parameters: |
| | | |
| - Select Encryption algorithm - AES 128 | | - Select Encryption algorithm - AES 128 |
Line 263: |
Line 263: |
| <br>[[File:Hub phase1.png|alt=spoke phase1|border]] | | <br>[[File:Hub phase1.png|alt=spoke phase1|border]] |
| ---- | | ---- |
− | <b>Step 3</b>: configure DMVPN Phase 2 parameters: | + | <b>Step 3</b>: configure '''DMVPN Phase 2''' parameters: |
| | | |
| - Select Encryption algorithm AES 128 | | - Select Encryption algorithm AES 128 |
Line 275: |
Line 275: |
| | | |
| | | |
− | <b>Step 4</b>: configure DMVPN NHRP parameters: | + | <b>Step 4</b>: configure '''DMVPN NHRP''' parameters: |
| | | |
| - In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration. | | - In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration. |
Line 289: |
Line 289: |
| Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | | Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. |
| | | |
− | <b>Step 1</b>: enable BGP and configure General section: | + | <b>Step 1</b>: enable '''BGP''' and configure General section: |
| | | |
| - Enable vty | | - Enable vty |
Line 301: |
Line 301: |
| | | |
| | | |
− | <b>Step 2</b>: Create BGP Peer: | + | <b>Step 2</b>: Create '''BGP''' Peer: |
| | | |
| - Set Remote AS to 65000 | | - Set Remote AS to 65000 |
Line 315: |
Line 315: |
| | | |
| | | |
− | For HUB in Network > Firewall GRE zone change from REJECT to ACCEPT on FORWARD. | + | |
| + | For H'''UB''' in Network -> Firewall GRE zone change from '''REJECT''' to '''ACCEPT''' on '''FORWARD.''' |
| | | |
| [[File:Firewall.png|alt=|border]] | | [[File:Firewall.png|alt=|border]] |