Line 155: |
Line 155: |
| <b>Step 1</b>: create a new DMVPN instance: | | <b>Step 1</b>: create a new DMVPN instance: |
| | | |
− | - Add HUB address (this is the public IP address of the previously configured hub device)
| + | 1. Add HUB address (this is the public IP address of the previously configured hub device) |
| | | |
− | - Select Tunnel source (this is the egress interface, which will be able to reach the hub device's public IP address over the internet)
| + | 2. Select Tunnel source (this is the egress interface, which will be able to reach the hub device's public IP address over the internet) |
| | | |
− | - Add Local GRE interface IP address (this is the GRE IP address of "Spoke 1". It should be unique in the entire VPN network)
| + | 3. Add Local GRE interface IP address (this is the GRE IP address of "Spoke 1". It should be unique in the entire VPN network) |
| | | |
− | - Add Remote GRE interface IP address (this is the GRE IP address of the previously configured hub device)
| + | 4. Add Remote GRE interface IP address (this is the GRE IP address of the previously configured hub device) |
| | | |
− | - Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420")
| + | 5. Set GRE MTU to 1420 (this value should be set to the same value that was configured on the hub device. In our case, it is "1420") |
| | | |
− | - Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication)
| + | 6. Set Local identifier (For setups behind NAT), Remote identifier as %any and input the same Pre-shared key (This will determine how other devices will be identified for authentication) |
| | | |
− | <br>[[File:DMVPN phase3 example4.png|alt=|border]] | + | <br>[[File:Spoke dmvpn.png|alt=|border]] |
| ---- | | ---- |
| | | |
Line 173: |
Line 173: |
| <b>Step 2</b>: configure DMVPN Phase 1 parameters: | | <b>Step 2</b>: configure DMVPN Phase 1 parameters: |
| | | |
− | - Select the Encryption algorithm - AES 128
| + | 1. Select the Encryption algorithm - AES 128 |
| | | |
− | - Select Authentication SHA256
| + | 2. Select Authentication SHA256 |
| | | |
− | - Select DH group MODP3072
| + | 3. Select DH group MODP3072 |
| | | |
− | <br>[[File:DMVPN phase3 example2.png|alt=|border]] | + | <br>[[File:Hub phase1.png|alt=spoke phase1|border]] |
| ---- | | ---- |
| | | |
Line 185: |
Line 185: |
| <b>Step 3</b>: configure DMVPN Phase 2 parameters: | | <b>Step 3</b>: configure DMVPN Phase 2 parameters: |
| | | |
− | - Select the Encryption algorithm AES 128
| + | 1. Select the Encryption algorithm AES 128 |
| | | |
− | - Select Hash algorithm SHA256
| + | 2. Select Hash algorithm SHA256 |
| | | |
− | - Select PFS group MODP3072
| + | 3. Select PFS group MODP3072 |
| | | |
− | <br>[[File:DMVPN phase3 example3.png|alt=|border]] | + | <br>[[File:Hub phase2 fix.png|alt=spoke phase2|border]] |
| ---- | | ---- |
| | | |
Line 201: |
Line 201: |
| - Leave everything by default | | - Leave everything by default |
| | | |
− | <br>[[File:DMVPN HUB Phase3 spoke example4.png|border|class=tlt-border]] | + | <br>[[File:Redirect.png|alt=Redirect|border]] |
| ---- | | ---- |
| <b>Step 5</b>: save changes | | <b>Step 5</b>: save changes |