Teltonika Networks Wiki

Changes

DMVPN with IPsec Phase 3 (view source)

Revision as of 10:35, 11 January 2023

376 bytes removed ,  10:35, 11 January 2023
m
no edit summary
Line 49: Line 49:  
- Set IPsec Pre-shared key (we used simple 123456 for this example)
 
- Set IPsec Pre-shared key (we used simple 123456 for this example)
   −
<br>[[File:Dmvpn phase3 example1.png|alt=|border]]
+
<br>[[File:DMVPN phase3 example1.png|alt=|border]]
 
----
 
----
 
<b>Step 2</b>: configure DMVPN Phase 1 parameters:
 
<b>Step 2</b>: configure DMVPN Phase 1 parameters:
Line 152: Line 152:  
- Set GRE MTU to 1420  (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")
 
- Set GRE MTU to 1420  (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")
   −
- Set Local identifier, Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)
+
- Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)
    
<br>[[File:DMVPN phase3 example4.png|alt=|border]]
 
<br>[[File:DMVPN phase3 example4.png|alt=|border]]
Line 236: Line 236:  
- Set GRE MTU to 1420  (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")
 
- Set GRE MTU to 1420  (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")
   −
- Set Local identifier, Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)
+
- Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)
    
<br>[[File:DMVPN phase3 example5.png|alt=|border]]
 
<br>[[File:DMVPN phase3 example5.png|alt=|border]]
Line 309: Line 309:  
[[File:DMVPN HUB Phase3 example Firewall.png|border|class=tlt-border]]
 
[[File:DMVPN HUB Phase3 example Firewall.png|border|class=tlt-border]]
 
----
 
----
  −
  −
For setups behind NAT specify Local identifier in the <b>Services → VPN → DMVPN → IPsec section </b>
  −
  −
<nowiki>###</nowiki> Didn't we already set this during spoke configuration? It's a good point to mention/explain, but I don't think this should be at the bottom of the article, but instead should be next to IPsec config of each spoke
  −
  −
----
  −
[[File:DMVPN HUB Phase3 example Behind NAT.png|border|class=tlt-border]]
  −
      
<nowiki>###</nowiki> Need to show working configuration with pings or something. Also to verify that Phase 3 DMVPN condition is actually working.
 
<nowiki>###</nowiki> Need to show working configuration with pings or something. Also to verify that Phase 3 DMVPN condition is actually working.
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/101427"