Changes

DMVPN with IPsec Phase 3 (view source)

Revision as of 11:53, 26 January 2023

140 bytes added , 11:53, 26 January 2023

m

no edit summary

Line 23: Line 23:

<ul>

−

<li>2 Teltonika Routers for SPOKES</li>

+

<li>2 Teltonika Routers for '''SPOKES'''</li>

−

<li>1 Teltonika Router for HUB with a public IP address</li>

+

<li>1 Teltonika Router for '''HUB''' with a public IP address</li>

<li>A PC to configure the routers</li>

</ul>

Line 65: Line 65:

[[File:HUB main.png|alt=|border]]

----

−

Step 2: configure DMVPN Phase 1 parameters:

+

Step 2: configure '''DMVPN Phase 1''' parameters:

1. Encryption algorithm - AES 128

Line 75: Line 75:

[[File:Hub phase1.png|alt=|border]]

----

−

Step 3: configure DMVPN Phase 2 parameters:

+

Step 3: configure '''DMVPN Phase 2''' parameters:

1. Encryption algorithm - AES 128

Line 85: Line 85:

[[File:Hub phase2 fix.png|alt=|border]]

----

−

Step 4: configure DMVPN NHRP parameters:

+

Step 4: configure '''DMVPN NHRP''' parameters:

In the NHRP parameters section, it is important to enable '''REDIRECT''' option, which is essential to our Phase 3 configuration.

Line 97: Line 97:

Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

−

Step 1: enable BGP and configure General section:

+

Step 1: enable '''BGP''' and configure General section:

1. Enable vty

Line 113: Line 113: −

Step 2: Create BGP Peer Group:

+

Step 2: Create '''BGP''' Peer Group:

- Add a Neighbor address for SPOKE 1 and SPOKE 2 (We used 10.0.0.1 and 10.0.0.2 which will be in the same subnet as our hub 10.0.0.254)

Line 123: Line 123: −

Step 3: Add two BGP peers for each spoke:

+

Step 3: Add two '''BGP''' peers for each spoke:

Now let's create BGP peers for Spokes on the same page. Add two new BGP peers with the following parameters:

Line 171: Line 171: −

Step 2: configure DMVPN Phase 1 parameters:

+

Step 2: configure '''DMVPN''' '''Phase 1''' parameters:

1. Select the Encryption algorithm - AES 128

Line 183: Line 183: −

Step 3: configure DMVPN Phase 2 parameters:

+

Step 3: configure '''DMVPN Phase 2''' parameters:

1. Select the Encryption algorithm AES 128

Line 195: Line 195: −

Step 4: configure DMVPN NHRP parameters:

+

Step 4: configure '''DMVPN NHRP''' parameters:

- In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration.

Line 209: Line 209:

Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

−

Step 1: enable BGP and configure General section:

+

Step 1: enable '''BGP''' and configure General section:

- Enable vty

Line 221: Line 221: −

Step 2: Create BGP Peer:

+

Step 2: Create '''BGP''' Peer:

- Set Remote AS to 65000

Line 253: Line 253: −

Step 2: configure DMVPN Phase 1 parameters:

+

Step 2: configure '''DMVPN Phase 1''' parameters:

- Select Encryption algorithm - AES 128

Line 263: Line 263:

[[File:Hub phase1.png|alt=spoke phase1|border]]

----

−

Step 3: configure DMVPN Phase 2 parameters:

+

Step 3: configure '''DMVPN Phase 2''' parameters:

- Select Encryption algorithm AES 128

Line 275: Line 275: −

Step 4: configure DMVPN NHRP parameters:

+

Step 4: configure '''DMVPN NHRP''' parameters:

- In the NHRP parameters section, it is important to enable REDIRECT option, which is essential to our Phase 3 configuration.

Line 289: Line 289:

Navigate to the Network → Routing → Dynamic Routes → BGP Protocol page and follow the instructions provided below.

−

Step 1: enable BGP and configure General section:

+

Step 1: enable '''BGP''' and configure General section:

- Enable vty

Line 301: Line 301: −

Step 2: Create BGP Peer:

+

Step 2: Create '''BGP''' Peer:

- Set Remote AS to 65000

Line 315: Line 315: −

For ~~HUB~~ in Network > Firewall GRE zone change from REJECT to ACCEPT on FORWARD.

+

For H'''UB''' in Network -> Firewall GRE zone change from '''REJECT''' to '''ACCEPT''' on '''FORWARD.'''

[[File:Firewall.png|alt=|border]]

TomasM

Administrators

154

edits