DMVPN with IPsec Phase 3: Difference between revisions

mNo edit summary
mNo edit summary
Line 23: Line 23:


<ul>
<ul>
     <li>2 Teltonika Routers for SPOKES</li>
     <li>2 Teltonika Routers for '''SPOKES'''</li>
     <li>1 Teltonika Router for HUB with a public IP address</li>
     <li>1 Teltonika Router for '''HUB''' with a public IP address</li>
     <li>A PC to configure the routers</li>
     <li>A PC to configure the routers</li>
</ul>
</ul>
Line 65: Line 65:
<br>[[File:HUB main.png|alt=|border]]
<br>[[File:HUB main.png|alt=|border]]
----
----
<b>Step 2</b>: configure DMVPN Phase 1 parameters:
<b>Step 2</b>: configure '''DMVPN Phase 1''' parameters:


1. Encryption algorithm - AES 128
1. Encryption algorithm - AES 128
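
Review bot: The newly bolded '''DMVPN Phase 1''' in the Step 2 heading is easy to misread as the DMVPN deployment phase, on a page whose title is about Phase 3, while the item listed under it is an encryption algorithm setting. If this is the name of the section in the router's interface, say so in the heading (for example "in the DMVPN Phase 1 parameters section, configure:") so the emphasis clearly marks a UI label. The same applies to the '''DMVPN Phase 2''' heading in the following hunk.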
Line 75: Line 75:
<br>[[File:Hub phase1.png|alt=|border]]
<br>[[File:Hub phase1.png|alt=|border]]
----
----
<b>Step 3</b>: configure DMVPN Phase 2 parameters:
<b>Step 3</b>: configure '''DMVPN Phase 2''' parameters:


1. Encryption algorithm - AES 128
1. Encryption algorithm - AES 128
Line 85: Line 85:
<br>[[File:Hub phase2 fix.png|alt=|border]]
<br>[[File:Hub phase2 fix.png|alt=|border]]
----
----
<b>Step 4</b>: configure DMVPN NHRP parameters:
<b>Step 4</b>: configure '''DMVPN NHRP''' parameters:


In the NHRP parameters section, it is important to enable '''REDIRECT''' option, which is essential to our Phase 3 configuration.
In the NHRP parameters section, it is important to enable '''REDIRECT''' option, which is essential to our Phase 3 configuration.
Line 97: Line 97:
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below.
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below.


<b>Step 1</b>: enable BGP and configure General section:
<b>Step 1</b>: enable '''BGP''' and configure General section:


1. Enable vty
1. Enable vty
Line 113: Line 113:




<b>Step 2</b>: Create BGP Peer Group:
<b>Step 2</b>: Create '''BGP''' Peer Group:


- Add a Neighbor address for SPOKE 1 and SPOKE 2 (We used 10.0.0.1 and 10.0.0.2 which will be in the same subnet as our hub 10.0.0.254)
- Add a Neighbor address for SPOKE 1 and SPOKE 2 (We used 10.0.0.1 and 10.0.0.2 which will be in the same subnet as our hub 10.0.0.254)
Line 123: Line 123:




<b>Step 3</b>: Add two BGP peers for each spoke:
<b>Step 3</b>: Add two '''BGP''' peers for each spoke:


Now let's create BGP peers for Spokes on the same page. Add two new BGP peers with the following parameters:
Now let's create BGP peers for Spokes on the same page. Add two new BGP peers with the following parameters:
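
Review bot: The Step 3 heading says "Add two BGP peers for each spoke", but the unchanged sentence below it says "Add two new BGP peers" for the Spokes, so the reader cannot tell whether the hub needs two peers in total or two per spoke. Since this edit already touches the heading, align it with the body; if two peers in total is meant, "Add a BGP peer for each spoke" would remove the ambiguity.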
Line 171: Line 171:




<b>Step 2</b>: configure DMVPN Phase 1 parameters:
<b>Step 2</b>: configure '''DMVPN''' '''Phase 1''' parameters:


1.  Select the Encryption algorithm - AES 128
1.  Select the Encryption algorithm - AES 128
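
Review bot: The bold markup in this Step 2 heading is split into two runs, '''DMVPN''' '''Phase 1''', whereas the other Phase 1 headings changed in this revision use a single run, '''DMVPN Phase 1'''. Merge the two so the heading matches the others and the wikitext stays easy to search.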
Line 183: Line 183:




<b>Step 3</b>: configure DMVPN Phase 2 parameters:
<b>Step 3</b>: configure '''DMVPN Phase 2''' parameters:


1. Select the Encryption algorithm AES 128
1. Select the Encryption algorithm AES 128
Line 195: Line 195:




<b>Step 4</b>: configure DMVPN NHRP parameters:
<b>Step 4</b>: configure '''DMVPN NHRP''' parameters:


- In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration.
- In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration.
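
Review bot: In the context line under this Step 4 heading, REDIRECT is left in plain text, while the matching sentence in the hub section writes it as '''REDIRECT'''. This revision is adding emphasis to key terms, and the sentence itself calls the option essential to the Phase 3 configuration, so bold it here as well; the same applies to the later Step 4 hunk.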
Line 209: Line 209:
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below.
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below.


<b>Step 1</b>: enable BGP and configure General section:
<b>Step 1</b>: enable '''BGP''' and configure General section:


- Enable vty
- Enable vty
Line 221: Line 221:




<b>Step 2</b>: Create BGP Peer:
<b>Step 2</b>: Create '''BGP''' Peer:


- Set Remote AS to 65000
- Set Remote AS to 65000
Line 253: Line 253:




<b>Step 2</b>: configure DMVPN Phase 1 parameters:
<b>Step 2</b>: configure '''DMVPN Phase 1''' parameters:


- Select Encryption algorithm - AES 128
- Select Encryption algorithm - AES 128
Line 263: Line 263:
<br>[[File:Hub phase1.png|alt=spoke phase1|border]]
<br>[[File:Hub phase1.png|alt=spoke phase1|border]]
----
----
<b>Step 3</b>: configure DMVPN Phase 2 parameters:
<b>Step 3</b>: configure '''DMVPN Phase 2''' parameters:


- Select Encryption algorithm AES 128
- Select Encryption algorithm AES 128
Line 275: Line 275:




<b>Step 4</b>: configure DMVPN NHRP parameters:
<b>Step 4</b>: configure '''DMVPN NHRP''' parameters:


- In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration.
- In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration.
Line 289: Line 289:
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below.
Navigate to the <b>Network → Routing → Dynamic Routes → BGP Protocol</b> page and follow the instructions provided below.


<b>Step 1</b>: enable BGP and configure General section:
<b>Step 1</b>: enable '''BGP''' and configure General section:


- Enable vty
- Enable vty
Line 301: Line 301:




<b>Step 2</b>: Create BGP Peer:
<b>Step 2</b>: Create '''BGP''' Peer:


- Set Remote AS to 65000
- Set Remote AS to 65000
Line 315: Line 315:




For HUB in Network > Firewall GRE zone change from REJECT to ACCEPT on FORWARD.
 
For H'''UB''' in Network -> Firewall GRE zone change from '''REJECT''' to '''ACCEPT''' on '''FORWARD.'''


[[File:Firewall.png|alt=|border]]
[[File:Firewall.png|alt=|border]]
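
Review bot: The bold run in the new firewall line starts mid-word, H'''UB''', and the final run swallows the full stop, '''FORWARD.'''; it should read '''HUB''' and '''FORWARD'''. with the period outside the markup. The separator was also changed from ">" to "->", while the other navigation paths on the page use "→" inside <b> tags, and a whitespace-only line was added above the sentence. Because this step relaxes a firewall default from REJECT to ACCEPT, a short statement of why the GRE zone needs forwarding on the hub would help readers judge the change before applying it.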