DMVPN – Phase 1 with EIGRP

Here is a quick and clean DMVPN Phase 1 Configuration:

HUB

IPsec:

HUB01(config)# crypto isakmp policy 10
HUB01(config-isakmp)# encr 3des
HUB01(config-isakmp)# hash md5
HUB01(config-isakmp)# authentication pre-share

HUB01(config)# crypto isakmp key CISCO address 0.0.0.0 0.0.0.0

HUB01(config)#crypto ipsec transform-set TR_SET esp-3des
HUB01(cfg-crypto-trans)# mode transport

HUB01(config)# crypto ipsec profile DMVPN
HUB01(config-profile)# set transform-set TR_SET

Tunnel:

HUB01(config)# interface tunnel 0
HUB01(config-if)# ip address 192.168.200.1 255.255.255.0
HUB01(config-if)# ip mtu 1400
HUB01(config-if)# ip tcp adjust-mss 1360
HUB01(config-if)# ip nhrp authentication DMVPN
HUB01(config-if)# ip nhrp map multicast dynamic
HUB01(config-if)# ip nhrp network-id 1
HUB01(config-if)# ip nhrp holdtime 60
HUB01(config-if)# ip nhrp registration no-unique
HUB01(config-if)# tunnel source FastEthernet0/1 (WAN interface)
HUB01(config-if)# tunnel mode gre multipoint
HUB01(config-if)# tunnel key 1234
HUB01(config-if)# tunnel protection ipsec profile DMVPN
HUB01(config-if)# no ip eigrp 1 split-horizon eigrp 1
HUB01(config-if)# bandwidth 1000 (use actual bandwidth)

EIGRP

HUB01(config)# router eigrp 1
HUB01(config-router)# no auto-summary
HUB01(config-router)# network 192.168.200.0
HUB01(config-router)# network 10.0.0.0 0.0.0.255 (internal network)

IP Route

Remember to add a default route to the outside network, or a specific route for the outside interface of the DMVPN spoke interface

———————————————————————————

SPOKE

IPsec:

SPOKE01(config)# crypto isakmp policy 10
SPOKE01(config-isakmp)# encr 3des
SPOKE01(config-isakmp)# hash md5
SPOKE01(config-isakmp)# authentication pre-share

SPOKE01(config)# crypto isakmp key CISCO address 0.0.0.0 0.0.0.0

SPOKE01(config)#crypto ipsec transform-set TR_SET esp-3des
SPOKE01(cfg-crypto-trans)# mode transport

SPOKE01(config)# crypto ipsec profile DMVPN
SPOKE01(config-profile)# set transform-set TR_SET

Tunnel:

SPOKE01(config)# interface tunnel 0
SPOKE01(config-if)# ip address 192.168.200.2 255.255.255.0
SPOKE01(config-if)# ip mtu 1400
SPOKE01(config-if)# ip tcp adjust-mss 1360
SPOKE01(config-if)# ip nhrp authentication DMVPN
SPOKE01(config-if)# ip nhrp map 192.168.200.1 1.1.1.1 (Ext IP of Hub router)
SPOKE01(config-if)# ip nhrp network-id 1
SPOKE01(config-if)# ip nhrp holdtime 60
SPOKE01(config-if)# ip nhs 192.168.200.1
SPOKE01(config-if)# tunnel source FastEthernet0/1 (WAN interface)
SPOKE01(config-if)# tunnel destination 1.1.1.1 (Ext IP of Hub router)
SPOKE01(config-if)# tunnel key 1234
SPOKE01(config-if)# tunnel protection ipsec profile DMVPN
SPOKE01(config-if)# bandwidth 1000 (use actual bandwidth)

EIGRP

SPOKE01(config)# router eigrp 1
SPOKE01(config-router)# no auto-summary
SPOKE01(config-router)# network 192.168.200.0
SPOKE01(config-router)# network 172.16.0.0 0.0.0.255 (internal network)
SPOKE01(config-router)# eigrp stub

IP Route

Remember to add a default route to the outside network, or a specific route for the outside interface of the DMVPN Hub interface

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s