DMVPN with IPsec Phase 3: Difference between revisions

Line 49:

- Set IPsec Pre-shared key (we used simple 123456 for this example)

[[File:~~Dmvpn~~ phase3 example1.png|alt=|border]]

[[File:DMVPN phase3 example1.png|alt=|border]]

----

Step 2: configure DMVPN Phase 1 parameters:

Line 152:

- Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")

- Set Local identifier, Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)

- Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)

[[File:DMVPN phase3 example4.png|alt=|border]]

Line 236:

- Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")

- Set Local identifier, Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)

- Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)

[[File:DMVPN phase3 example5.png|alt=|border]]

Line 309:

[[File:DMVPN HUB Phase3 example Firewall.png|border|class=tlt-border]]

----

~~For setups behind NAT specify Local identifier in the Services → VPN → DMVPN → IPsec section ~~

<nowiki>###</nowiki> Didn't we already set this during spoke configuration? It's a good point to mention/explain, but I don't think this should be at the bottom of the article, but instead should be next to IPsec config of each spoke

~~----~~

~~[[File:DMVPN HUB Phase3 example Behind NAT.png|border|class=tlt-border]]~~

<nowiki>###</nowiki> Need to show working configuration with pings or something. Also to verify that Phase 3 DMVPN condition is actually working.