Line 49: |
Line 49: |
| - Set IPsec Pre-shared key (we used simple 123456 for this example) | | - Set IPsec Pre-shared key (we used simple 123456 for this example) |
| | | |
− | <br>[[File:Dmvpn phase3 example1.png|alt=|border]] | + | <br>[[File:DMVPN phase3 example1.png|alt=|border]] |
| ---- | | ---- |
| <b>Step 2</b>: configure DMVPN Phase 1 parameters: | | <b>Step 2</b>: configure DMVPN Phase 1 parameters: |
Line 152: |
Line 152: |
| - Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") | | - Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") |
| | | |
− | - Set Local identifier, Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) | + | - Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) |
| | | |
| <br>[[File:DMVPN phase3 example4.png|alt=|border]] | | <br>[[File:DMVPN phase3 example4.png|alt=|border]] |
Line 236: |
Line 236: |
| - Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") | | - Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") |
| | | |
− | - Set Local identifier, Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) | + | - Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) |
| | | |
| <br>[[File:DMVPN phase3 example5.png|alt=|border]] | | <br>[[File:DMVPN phase3 example5.png|alt=|border]] |
Line 309: |
Line 309: |
| [[File:DMVPN HUB Phase3 example Firewall.png|border|class=tlt-border]] | | [[File:DMVPN HUB Phase3 example Firewall.png|border|class=tlt-border]] |
| ---- | | ---- |
− |
| |
− |
| |
− | For setups behind NAT specify Local identifier in the <b>Services → VPN → DMVPN → IPsec section </b>
| |
− |
| |
− | <nowiki>###</nowiki> Didn't we already set this during spoke configuration? It's a good point to mention/explain, but I don't think this should be at the bottom of the article, but instead should be next to IPsec config of each spoke
| |
− |
| |
− | ----
| |
− | [[File:DMVPN HUB Phase3 example Behind NAT.png|border|class=tlt-border]]
| |
− |
| |
| | | |
| <nowiki>###</nowiki> Need to show working configuration with pings or something. Also to verify that Phase 3 DMVPN condition is actually working. | | <nowiki>###</nowiki> Need to show working configuration with pings or something. Also to verify that Phase 3 DMVPN condition is actually working. |