Difference between revisions of "DMVPN with IPsec Phase 3"
PauliusRug (talk | contribs) |
(Created page with "==Introduction== This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices. ==Prerequisites and overview=...") |
||
(51 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
==Introduction== | ==Introduction== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices. | This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices. | ||
Line 23: | Line 8: | ||
<ul> | <ul> | ||
− | <li>2 Teltonika Routers for | + | <li>2 Teltonika Routers for "Spokes" and one for "Hub"</li> |
− | |||
<li>A PC to configure the routers</li> | <li>A PC to configure the routers</li> | ||
+ | <li>HUB must have a Public IP address</li> | ||
</ul> | </ul> | ||
− | == | + | ==HUB configuration== |
− | |||
− | |||
− | + | This section contains information on how to configure DMVPN <b>HUB</b>. Firstly, we'll configure the DMVPN instance to make the connection possible. Then we'll set the <b>Border Gateway Protocol</b> (<b>BGP</b>) parameters as our dynamic routing solution. | |
− | + | <b>Note</b>: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
===HUB configuration: DMVPN=== | ===HUB configuration: DMVPN=== | ||
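Review bot: the added note "at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs" carries no firmware version or date, so a reader cannot tell whether it still applies. Suggest naming the firmware version the statement was checked against. The new list item "HUB must have a Public IP address" also reads as a requirement sentence inside a "You will need" list; "A public IP address on the HUB" would match the other items.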
Line 49: | Line 23: | ||
Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | ||
− | <b>Step 1</b>: create a new DMVPN instance: | + | <b>Step 1</b>: create a new DMVPN instance:<br>[[File:DMVP_HUB_phase3_example1.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | <b>Step 2</b>: configure | + | <b>Step 2</b>: configure DMVPN Phase 1 parameters:<br>[[File:DMVP HUB phase3 example2.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | <b>Step 3</b>: configure | + | <b>Step 3</b>: configure DMVPN Phase 2 parameters:<br>[[File:DMVPN HUB Phase3 example3.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | <b>Step 4</b>: configure | + | <b>Step 4</b>: configure DMVPN NHRP parameters:<br>[[File:DMVPN HUB Phase3 example4.png]] |
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
<b>Step 5</b>: save changes | <b>Step 5</b>: save changes | ||
− | ===Hub configuration: BGP === | + | ===Hub configuration: BGP=== |
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | ||
− | <b>Step 1</b>: enable | + | <b>Step 1</b>: enable BGP and configure General section:<br>[[File:DMVPN HUB Phase3 example5.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 2</b>: Create BGP Peer Group:<br>[[File:DMVPN HUB Phase3 example6.png]] | |
− | |||
− | <b>Step 2</b>: Create | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 3</b>: Add two BGP peers for each spoke:<br>[[File:DMVPN HUB Phase3 example7.png]] | |
− | |||
− | <b>Step 3</b>: Add two | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | [[File: | + | [[File:DMVPN HUB Phase3 example8.png]] |
---- | ---- | ||
− | === Spoke 1 configuration: DMVPN=== | + | ===Spoke 1 configuration: DMVPN=== |
---- | ---- | ||
− | |||
− | |||
Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | ||
− | <b>Step 1</b>: create a new DMVPN instance: | + | <b>Step 1</b>: create a new DMVPN instance:<br>[[File:DMVPN HUB Phase3 spoke1 example1.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 2</b>: configure DMVPN Phase 1 parameters:<br>[[File:DMVPN HUB Phase3 spoke example2.png]] | |
− | |||
− | <b>Step 2</b>: configure | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 3</b>: configure DMVPN Phase 2 parameters:<br>[[File:DMVPN HUB Phase3 spoke example3.png]] | |
− | |||
− | <b>Step 3</b>: configure | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 4</b>: configure DMVPN NHRP parameters:<br>[[File:DMVPN HUB Phase3 spoke example4.png]] | |
− | |||
− | <b>Step 4</b>: configure | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
<b>Step 5</b>: save changes | <b>Step 5</b>: save changes | ||
− | ===Spoke 1 configuration: BGP === | + | ===Spoke 1 configuration: BGP=== |
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | ||
− | <b>Step 1</b>: enable | + | <b>Step 1</b>: enable BGP and configure General section:<br>[[File:DMVPN HUB Phase3 spoke example5.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 2</b>: Create BGP Peer:<br>[[File:DMVPN HUB Phase3 spoke example6.png]] | |
− | |||
− | <b>Step 2</b>: Create | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
===Spoke 2 configuration: DMVPN=== | ===Spoke 2 configuration: DMVPN=== | ||
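Review bot: every step in this hunk now consists of a heading plus a screenshot, with no text stating the values to enter (for example "Step 2: configure DMVPN Phase 1 parameters" and "Step 4: configure DMVPN NHRP parameters"), so the settings cannot be searched, copied or read if the image fails to load. Suggest keeping a short parameter list under each image. "Step 3: Add two BGP peers for each spoke" is ambiguous between one peer per spoke and two peers per spoke and should be reworded. The file names are also inconsistent: "DMVP_HUB_phase3_example1.png" and "DMVP HUB phase3 example2.png" drop the N in DMVPN while later links use "DMVPN HUB Phase3 ...", and Spoke 1 mixes "spoke1 example1" with "spoke example2"; worth confirming each link resolves to the intended upload.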
Line 235: | Line 73: | ||
Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | ||
− | <b>Step 1</b>: create a new DMVPN instance: | + | <b>Step 1</b>: create a new DMVPN instance:<br>[[File:DMVPN HUB Phase3 spoke2 example1.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 2</b>: configure DMVPN Phase 1 parameters:<br>[[File:DMVPN HUB Phase3 spoke2 example2.png]] | |
− | |||
− | <b>Step 2</b>: configure | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | <b>Step 3</b>: configure | + | <b>Step 3</b>: configure DMVPN Phase 2 parameters:<br>[[File:DMVPN HUB Phase3 spoke2 example3.png]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
− | + | <b>Step 4</b>: configure DMVPN NHRP parameters:<br>[[File:DMVPN HUB Phase3 spoke2 example4.png]] | |
− | |||
− | <b>Step 4</b>: configure | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | <br>[[File: | ||
---- | ---- | ||
<b>Step 5</b>: save changes | <b>Step 5</b>: save changes | ||
− | ===Spoke 2 configuration: BGP === | + | ===Spoke 2 configuration: BGP=== |
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below. | ||
− | <b>Step 1</b>: enable | + | <b>Step 1</b>: enable BGP and configure General section:<br>[[File:DMVPN HUB Phase3 spoke2 example5.png]] |
+ | ---- | ||
+ | <b>Step 2</b>: Create BGP Peer:<br>[[File:DMVPN HUB Phase3 spoke2 example6.png]] | ||
− | + | ===Important Note=== | |
− | + | For HUB in Network > Firewall GRE zone change from REJECT to ACCEPT on FORWARD. | |
− | + | ---- | |
− | + | [[File:DMVPN HUB Phase3 example Firewall.png]] | |
− | |||
− | |||
---- | ---- | ||
− | + | For setups behind NAT specify Local identifier in the <b>Services → VPN → DMVPN → IPsec section </b> | |
− | |||
− | <b> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
---- | ---- | ||
− | + | [[File:DMVPN HUB Phase3 example Behind NAT.png]] | |
− | |||
− | |||
− | |||
− | |||
− | [[File: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
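Review bot: the new "Important Note" tells the reader to change FORWARD on the GRE zone from REJECT to ACCEPT on the HUB without saying why the change is needed or what traffic it permits, and it sits at the very end of the page, after all HUB steps. Suggest adding one sentence of rationale and moving the note into the HUB configuration section so it is applied before testing. The path is written "Network > Firewall" while the rest of the page uses "→", and the NAT sentence does not say which device (HUB, spoke or both) needs the Local identifier.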
Revision as of 12:12, 5 December 2022
Introduction
This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices.
Prerequisites and overview
You will need:
- 2 Teltonika Routers for "Spokes" and one for "Hub"
- A PC to configure the routers
- HUB must have a Public IP address
HUB configuration
This section contains information on how to configure DMVPN HUB. Firstly, we'll configure the DMVPN instance to make the connection possible. Then we'll set the Border Gateway Protocol (BGP) parameters as our dynamic routing solution.
Note: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs.
HUB configuration: DMVPN
Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.
Step 1: create a new DMVPN instance:
Step 2: configure DMVPN Phase 1 parameters:
Step 3: configure DMVPN Phase 2 parameters:
Step 4: configure DMVPN NHRP parameters:
Step 5: save changes
HUB configuration: BGP
Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.
Step 1: enable BGP and configure General section:
Step 2: Create BGP Peer Group:
Step 3: Add two BGP peers for each spoke:
Spoke 1 configuration: DMVPN
Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.
Step 1: create a new DMVPN instance:
Step 2: configure DMVPN Phase 1 parameters:
Step 3: configure DMVPN Phase 2 parameters:
Step 4: configure DMVPN NHRP parameters:
Step 5: save changes
Spoke 1 configuration: BGP
Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.
Step 1: enable BGP and configure General section:
Spoke 2 configuration: DMVPN
Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.
Step 1: create a new DMVPN instance:
Step 2: configure DMVPN Phase 1 parameters:
Step 3: configure DMVPN Phase 2 parameters:
Step 4: configure DMVPN NHRP parameters:
Step 5: save changes
Spoke 2 configuration: BGP
Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.
Step 1: enable BGP and configure General section:
Important Note
On the HUB, go to Network → Firewall and change the FORWARD policy of the GRE zone from REJECT to ACCEPT.
For setups behind NAT, specify the Local identifier in the Services → VPN → DMVPN → IPsec section.
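
One way to confirm the HUB firewall change described in the note above, as an added example that is not part of the original article: the function reads `uci show firewall` style text and reports the forward policy of a named zone. It assumes the router exposes the OpenWrt-style UCI firewall layout and that the GRE zone is named `gre`; the sample text is constructed.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumptions: the router exposes the OpenWrt-style UCI firewall config
# (`uci show firewall`) and the GRE zone is named "gre".
# On a device: zone_forward_policy "$(uci show firewall)" gre

# Constructed sample of `uci show firewall` output on a HUB before the change.
SAMPLE_BEFORE="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='gre'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@rule[0]=rule
firewall.@rule[0].name='gre'
firewall.@rule[0].target='ACCEPT'"

# Same sample after FORWARD on the GRE zone is switched to ACCEPT.
SAMPLE_AFTER=$(printf '%s\n' "$SAMPLE_BEFORE" |
    sed "s/^\(firewall\.@zone\[1\]\.forward=\).*/\1'ACCEPT'/")

# zone_forward_policy TEXT ZONE
# Prints the zone's forward policy, UNSET if the option is absent,
# or NOZONE if no zone section carries that name.
zone_forward_policy() {
    printf '%s\n' "$1" | awk -F= -v want="$2" -v q="'" '
        {
            n = split($1, p, "[.]")
            if (p[1] != "firewall") next
            if (n == 2) { kind[p[2]] = $2; next }    # section header
            if (n != 3 || kind[p[2]] != "zone") next # zone options only
            val = substr($0, length($1) + 2)         # text after first "="
            gsub(q, "", val)                         # strip UCI quoting
            if (p[3] == "name" && val == want) { found = p[2]; have = 1 }
            if (p[3] == "forward") fwd[p[2]] = val
        }
        END {
            if (!have) print "NOZONE"
            else if (found in fwd) print fwd[found]
            else print "UNSET"
        }'
}

# hub_gre_forward_ok TEXT: succeeds only when the gre zone forwards with ACCEPT.
hub_gre_forward_ok() {
    [ "$(zone_forward_policy "$1" gre)" = "ACCEPT" ]
}
```

The firewall rule that happens to be named `gre` in the sample is ignored because only sections declared as `zone` are considered.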