DMVPN with IPsec Phase 3: Difference between revisions

(6 intermediate revisions by 3 users not shown)

Line 1:

The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.~~03.2~~'''] firmware version. .

The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.05'''] firmware version. .

==Introduction==

Line 313:

----

===Important Note===

For '''HUB''' in Network → Firewall GRE zone change from '''REJECT''' to '''ACCEPT''' on '''FORWARD.'''

Also, disable '''Masquerading''' on '''HUB''' and '''ALL spokes''' for GRE → LAN zone forwardings

[[File:Firewall new.png|alt=|border]]

~~For '''HUB''' in Network -> Firewall GRE zone change from '''REJECT''' to '''ACCEPT''' on '''FORWARD.'''~~

[[File:Firewall.png|~~border~~|~~class=tlt-~~border]]

===Testing configuration===

Line 330:

Line 329:

[[File:Ping2.png|alt=|border]]

- Check routes in the HUB by executing command '''vtysh -c "show ip nhrp"'''

- Check routes in the HUB by executing *command '''vtysh -c "show ip nhrp"'''

Note: Vtysh check is unavailable with RUT200, RUT230, RUT240, RUT241, RUT260 devices.

[[File:Vtysh nhrp2.jpg|alt=|border]]

Line 338:

Line 339:

== Summary ==

At this point, the basic DMVPN configuration is complete and phase 3 will now take effect in order to dynamically establish connectivity between spokes. Using this method, additional spokes may be configured and added to the current topology. DMVPN Phase 3 technology will ensure that any newly introduced devices will be included in the final topology.

== References ==

[https://wiki.teltonika-networks.com/view/VPN_Configuration_Examples VPN configuration Examples]

Line 349:

Line 350:

[https://docs.strongswan.org/docs/5.9/index.html strongSwan Documentation]

[[Category:VPN]]