DMVPN with IPsec Phase 3

From Teltonika Networks Wiki
Revision as of 16:13, 15 December 2022 by TomasM


Introduction

This article contains instructions on how to configure DMVPN Phase 3 between a "Hub" and two "Spokes" using Teltonika devices.

Prerequisites and overview

You will need:

  • Two Teltonika routers for the "Spokes" and one for the "Hub"
  • A PC to configure the routers
  • A public IP address on the HUB

HUB configuration

This section contains information on how to configure DMVPN HUB. Firstly, we'll configure the DMVPN instance to make the connection possible. Then we'll set the Border Gateway Protocol (BGP) parameters as our dynamic routing solution.

Note: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs.

HUB configuration: DMVPN


Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.

Step 1: create a new DMVPN instance:

- Select your HUB interface in the Tunnel source field

- Set Local GRE interface IP address (for example, 10.0.0.254)

- Set GRE MTU value

- Set Pre-shared key


DMVP HUB phase3 example1.png


Step 2: configure DMVPN Phase 1 parameters:
DMVP HUB phase3 example2.png


Step 3: configure DMVPN Phase 2 parameters:
DMVPN HUB Phase3 example3.png


Step 4: configure DMVPN NHRP parameters:
DMVPN HUB Phase3 example4.png


Step 5: save changes

HUB configuration: BGP

Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

Step 1: enable BGP and configure General section:
DMVPN HUB Phase3 example5.png


Step 2: Create BGP Peer Group:
DMVPN HUB Phase3 example6.png


Step 3: Add two BGP peers, one for each spoke:
DMVPN HUB Phase3 example7.png


DMVPN HUB Phase3 example8.png



Spoke 1 configuration: DMVPN


Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.

Step 1: create a new DMVPN instance:
DMVPN HUB Phase3 spoke1 example1.png


Step 2: configure DMVPN Phase 1 parameters:
DMVPN HUB Phase3 spoke example2.png


Step 3: configure DMVPN Phase 2 parameters:
DMVPN HUB Phase3 spoke example3.png


Step 4: configure DMVPN NHRP parameters:
DMVPN HUB Phase3 spoke example4.png


Step 5: save changes

Spoke 1 configuration: BGP

Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

Step 1: enable BGP and configure General section:
DMVPN HUB Phase3 spoke example5.png


Step 2: Create BGP Peer:
DMVPN HUB Phase3 spoke example6.png

Spoke 2 configuration: DMVPN

Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.

Step 1: create a new DMVPN instance:
DMVPN HUB Phase3 spoke2 example1.png


Step 2: configure DMVPN Phase 1 parameters:
DMVPN HUB Phase3 spoke2 example2.png


Step 3: configure DMVPN Phase 2 parameters:
DMVPN HUB Phase3 spoke2 example3.png


Step 4: configure DMVPN NHRP parameters:
DMVPN HUB Phase3 spoke2 example4.png


Step 5: save changes

Spoke 2 configuration: BGP

Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

Step 1: enable BGP and configure General section:
DMVPN HUB Phase3 spoke2 example5.png


Step 2: Create BGP Peer:
DMVPN HUB Phase3 spoke2 example6.png

Important Note

On the HUB, go to Network → Firewall and change the GRE zone's FORWARD setting from REJECT to ACCEPT.


DMVPN HUB Phase3 example Firewall.png


For setups behind NAT, specify the Local identifier in the Services → VPN → DMVPN → IPsec section.


DMVPN HUB Phase3 example Behind NAT.png