DMVPN with IPsec Phase 3: Difference between revisions
(Created page with "==Introduction== This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices. ==Prerequisites and overview=...") |
mNo edit summary |
||
| Line 23: | Line 23: | ||
Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | Navigate to the <b>Services → VPN → DMVPN</b> page and follow the instructions provided below. | ||
<b>Step 1</b>: create a new DMVPN instance:<br>[[File:DMVP_HUB_phase3_example1.png]] | <b>Step 1</b>: create a new DMVPN instance: | ||
- Select your HUB interface in the Tunnel source field | |||
- Set Local GRE interface IP address (for example, 10.0.0.254) | |||
- Set GRE MTU value | |||
- Set Pre-shared key | |||
<br>[[File:DMVP_HUB_phase3_example1.png]] | |||
---- | ---- | ||
<b>Step 2</b>: configure DMVPN Phase 1 parameters:<br>[[File:DMVP HUB phase3 example2.png]] | <b>Step 2</b>: configure DMVPN Phase 1 parameters:<br>[[File:DMVP HUB phase3 example2.png]] | ||
Revision as of 15:13, 15 December 2022
Main Page > General Information > Configuration Examples > VPN > DMVPN with IPsec Phase 3Introduction
This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices.
Prerequisites and overview
You will need:
- 2 Teltonika Routers for "Spokes" and one for "Hub"
- A PC to configure the routers
- HUB must have a Public IP address
HUB configuration
This section contains information on how to configure DMVPN HUB. Firstly, we'll configure the DMVPN instance to make the connection possible. Then we'll set the Border Gateway Protocol (BGP) parameters as our dynamic routing solution.
Note: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs.
HUB configuration: DMVPN
Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.
Step 1: create a new DMVPN instance:
- Select your HUB interface in the Tunnel source field
- Set Local GRE interface IP address (for example, 10.0.0.254)
- Set GRE MTU value
- Set Pre-shared key
Step 2: configure DMVPN Phase 1 parameters:
Step 3: configure DMVPN Phase 2 parameters:
Step 4: configure DMVPN NHRP parameters:
Step 5: save changes
Hub configuration: BGP
Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.
Step 1: enable BGP and configure General section:
Step 2: Create BGP Peer Group:
Step 3: Add two BGP peers for each spoke:
Spoke 1 configuration: DMVPN
Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.
Step 1: create a new DMVPN instance:
Step 2: configure DMVPN Phase 1 parameters:
Step 3: configure DMVPN Phase 2 parameters:
Step 4: configure DMVPN NHRP parameters:
Step 5: save changes
Spoke 1 configuration: BGP
Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.
Step 1: enable BGP and configure General section:
Step 2: Create BGP Peer:
Spoke 2 configuration: DMVPN
Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.
Step 1: create a new DMVPN instance:
Step 2: configure DMVPN Phase 1 parameters:
Step 3: configure DMVPN Phase 2 parameters:
Step 4: configure DMVPN NHRP parameters:
Step 5: save changes
Spoke 2 configuration: BGP
Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.
Step 1: enable BGP and configure General section:
Step 2: Create BGP Peer:
Important Note
For HUB in Network > Firewall GRE zone change from REJECT to ACCEPT on FORWARD.
For setups behind NAT specify Local identifier in the Services → VPN → DMVPN → IPsec section
