31,703
edits
Changes
→Cisco Spoke configuration: BGP
<li>At least two RUT9xx routers</li>
<li>At least two RUT9xx routers</li>
<li>A PC to configure the routers</li>
<li>A PC to configure the routers</li>
<li>(optional) A Cisco router</li><li>HUB has to be reachable from spokes (HUB must have Public IP address, or has to be in the same WAN network as Spokes)
</li>
</ul>
</ul>
----
----
==Spoke configuration==
==Spoke configuration==
This section contains information on how to configure DMVPN <b>Spokes</b>. Firstly, we'll configure the DMVPN instance to make to the connection possible. Then we'll the <b>Border Gateway Protocol</b> (<b>BGP</b>) parameters as our dynamic routing solution.
This section contains information on how to configure DMVPN <b>Spokes</b>. Firstly, we'll configure the DMVPN instance to make to the connection possible. Then we'll set the <b>Border Gateway Protocol</b> (<b>BGP</b>) parameters as our dynamic routing solution.
<b>Note</b>: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs.
<b>Note</b>: at the moment, BGP is the only stable dynamic routing solution that can work with DMVPNs.
<b>Step 1</b>: enable BGP:<br>[[File:Dmvpn_5_1_v1.png]]
<b>Step 1</b>: enable BGP:<br>[[File:Dmvpn_5_1_v1.png]]
----
----
<b>Step 2</b>: configure BGP instance:<br>[[File:Dmvpn_2_1_v1.png]]
<b>Step 2</b>: configure BGP instance:<br>[[File:Dmvpn_5_2_v1.png]]
----
----
<b>Step 3</b>: configure BGP peer:<br>[[File:Dmvpn_2_2_v1.png]]
<b>Step 3</b>: configure BGP peer:<br>[[File:Dmvpn_5_3_v1.png]]
----
----
<b>Step 4</b>: save changes
<b>Step 4</b>: save changes
----
----
<b>Step 4</b>: save changes
<b>Step 4</b>: save changes
==Cisco configuration==
If you plan on using a Cisco router with this topology, you can use the configuration provided in this section. The configuration is set in accordance with the configuration scheme in [[DMVPN_configuration#Prerequisites_and_overview|section 2]] of this article.
===Cisco Spoke configuration: DMVPN===
----
crypto isakmp policy 1
encr aes
hash md5
authenticatio pre-share
group 5
!
crypto isakmp key 1234 address 192.168.1.30
!
!
crypto ipsec transform-set DMVPN-TS esp-3des esp-md5-sha256
mode transport
!
crypto ipsec profile DMVPN
set security-association lifetime secnds 86400
set transform-set DMVPN-TS
!
interface Tunnel0
description mGRE - DMVPN Tunnel
ip address 10.1.1.1 255.255.255.0
ip nhrp network-id 1
ip nhrp nhs 10.1.1.3 nbma 192.168.1.30
ip nhrp shortcut
ip nhrp redirect
tunnel source GigabitEthernet0/0/1
tunnel destination 192.168.1.30
tunnel key 1234
tunnel protectio ipsec profile DMVPN
!
interface GigabitEthernet0/0/1
description Wired DMVPN
ip address 192.168.1.100 255.255.255.0
negotiation auto
===Cisco Spoke configuration: BGP===
----
router bgp 65002
bgp log-neighbor-changes
network 10.1.1.0 mask 255.255.255.0
neighbor spokes-ibgp peer-group
neighbor spokes-ibgp remote-as 65001
neighbor spokes-ibgp route-reflector-client
neighbor spokes-ibgp soft-reconfiguration inbound
neighbor 10.1.1.3 peer-group spokes-ibgp
===Cisco Hub configuration===
----
interface Tunnel0
description mGRE - DMVPN Tunnel
ip address 10.1.1.3 255.255.255.0
ip nhrp network-id 1
ip nhrp nhs dynamic nbma multicast
ip nhrp shortcut
ip nhrp redirect
tunnel source GigabitEthernet0/0/1
tunnel key 1234
tunnel protection ipsec profile DMVPN
!
router bgp 65001
bgp log-neighbor-changes
network 10.1.1.0 mask 255.255.255.0
neighbor spokes-ibgp peer-group
neighbor spokes-ibgp remote-as 65001
neighbor spokes-ibgp route-reflector-client
neighbor spokes-ibgp soft-reconfiguration inbound
neighbor 10.1.1.3 peer-group spokes-ibgp
neighbor 10.1.1.2 peer-group spokes-ibgp
