Difference between revisions of "DMVPN configuration"

From Teltonika Networks Wiki
Line 10: Line 10:
 
     <li>At least two RUT9xx routers</li>
 
     <li>At least two RUT9xx routers</li>
 
     <li>A PC to configure the routers</li>
 
     <li>A PC to configure the routers</li>
    <li>(optional) A Cisco router</li>
 
 
</ul>
 
</ul>
 
----
 
----
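Review bot: the `(optional) A Cisco router` prerequisite in this hunk is coupled to the `==Cisco configuration==` section touched in the next hunk, so the two should be kept or dropped together. If the Cisco section stays, the introduction's "using RUT9xx routers" wording should also mention the optional Cisco device, so a reader does not meet an unexplained prerequisite.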
Line 83: Line 82:
 
----
 
----
 
<b>Step 4</b>: save changes
 
<b>Step 4</b>: save changes
 
==Cisco configuration==
 
 
If you plan on using a Cisco router with this topology, you can use the configuration provided in this section. The configuration is set in accordance with the configuration scheme in [[DMVPN_configuration#Prerequisites_and_overview|section 2]] of this article.
 
 
===Cisco Spoke configuration: DMVPN===
 
----
 
 
crypto isakmp policy 1
 
encr aes
 
hash md5
 
authenticatio pre-share
 
group 5
 
!
 
crypto isakmp key 1234 address 192.168.1.30
 
!
 
!
 
crypto ipsec transform-set DMVPN-TS esp-3des esp-md5-sha256
 
mode transport
 
!
 
crypto ipsec profile DMVPN
 
set security-association lifetime secnds 86400
 
set transform-set DMVPN-TS
 
!
 
interface Tunnel0
 
description mGRE - DMVPN Tunnel
 
ip address 10.1.1.1 255.255.255.0
 
ip nhrp network-id 1
 
ip nhrp nhs 10.1.1.3 nbma 192.168.1.30
 
ip nhrp shortcut
 
ip nhrp redirect
 
tunnel source GigabitEthernet0/0/1
 
tunnel destination 192.168.1.30
 
tunnel key 1234
 
tunnel protectio ipsec profile DMVPN
 
!
 
interface GigabitEthernet0/0/1
 
description Wired DMVPN
 
ip address 192.168.1.100 255.255.255.0
 
negotiation auto
 
 
===Cisco Spoke configuration: BGP===
 
----
 
 
router bgp 65001
 
bgp log-neighbor-changes
 
network 10.1.1.0 mask 255.255.255.0
 
neighbor spokes-ibgp peer-group
 
neighbor spokes-ibgp remote-as 65001
 
neighbor spokes-ibgp route-reflector-client
 
neighbor spokes-ibgp soft-reconfiguration inbound
 
neighbor 10.1.1.3 peer-group spokes-ibgp
 
 
===Cisco Hub configuration===
 
----
 
interface Tunnel0
 
description mGRE - DMVPN Tunnel
 
ip address 10.1.1.1 255.255.255.0
 
ip nhrp network-id 1
 
ip nhrp nhs dynamic nbma multicast
 
ip nhrp shortcut
 
ip nhrp redirect
 
tunnel source GigabitEthernet0/0/1
 
tunnel key 1234
 
tunnel protection ipsec profile DMVPN
 
!
 
router bgp 65001
 
bgp log-neighbor-changes
 
network 10.1.1.0 mask 255.255.255.0
 
neighbor spokes-ibgp peer-group
 
neighbor spokes-ibgp remote-as 65001
 
neighbor spokes-ibgp route-reflector-client
 
neighbor spokes-ibgp soft-reconfiguration inbound
 
neighbor 10.1.1.3 peer-group spokes-ibgp
 
neighbor 10.1.1.2 peer-group spokes-ibgp
 

Revision as of 14:21, 1 April 2019

Introduction

Dynamic Multipoint VPN (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco routers. This article contains step-by-step instructions on how to configure DMVPN between a "Hub" and two "Spokes" using RUT9xx routers.

Prerequisites and overview

You will need:

  • At least two RUT9xx routers
  • A PC to configure the routers

Configuration scheme:

Dmvpn overview.png

Spoke configuration

This section contains information on how to configure DMVPN Spokes. First, we'll configure the DMVPN instance to make the connection possible. Then we'll configure the Border Gateway Protocol (BGP) parameters as our dynamic routing solution.

Note: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs.

Spoke configuration: DMVPN


Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.

Step 1: create a new DMVPN instance:
Dmvpn 1 v1.png


Step 2: configure DMVPN parameters:
Dmvpn 2 1 v1.png


Step 3: configure GRE parameters:
Dmvpn 2 2 v1.png


Step 4: configure IPsec parameters:
Dmvpn 2 3 v1.png


Step 5: configure NHRP parameters or leave default values:
Dmvpn 2 4 v1.png


Step 6: save changes


Repeat these steps on a separate router for each Spoke that you need. Remember that other Spokes will have different LAN, WAN and GRE IP addresses.

Spoke configuration: BGP


Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

Step 1: enable BGP:
Dmvpn 5 1 v1.png


Step 2: configure BGP instance:
Dmvpn 2 1 v1.png


Step 3: configure BGP peer:
Dmvpn 2 2 v1.png


Step 4: save changes

Hub configuration

Hub configuration: DMVPN


Navigate to the Services → VPN → DMVPN page and follow the instructions provided below.

Step 1: create a new DMVPN instance:
Dmvpn 2 0 v1.png


Step 2: configure DMVPN parameters:
Dmvpn 3 1 v1.png


Step 3: configure GRE parameters:
Dmvpn 3 2 v1.png


Step 4: configure IPsec parameters:
Dmvpn 3 3 v1.png


Step 5: configure NHRP parameters or leave default values:
Dmvpn 3 4 v1.png


Step 6: save changes

Hub configuration: BGP


Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

Step 1: enable BGP:
Dmvpn 4 1 v1.png


Step 2: configure BGP instance:
Dmvpn 4 2 v1.png


Step 3: configure BGP peer group:
Dmvpn 4 3 v1.png


Step 4: save changes