How to configure Dynamic Multipoint VPN (DMVPN)
DMVPN stands for Dynamic Multipoint Virtual Private Network provides a secure, scalable network b y using IPsec encryption, generic routing encapsulation (GRE) and Next Hop Resolution Protocol (NHRP).
How DMVPN works
DMVPN building the IPsec and GRE connection is an easy and scalable solution.
Hub router has a permanent tunnel to all spokes routers but not between spokes to spokes.
A spoke can send their packet to others spokes using the NHRP server.
Basic steps for DMVPN Configuration:
- First define the ISAKMP Policy.
- Authentication
- Hash
- Encryption
- Group
- Establish IPsec transform set.
- Esp-des
- Esp-md5-hmac
- Esp-aes
- Asp-sha-hmac
- Configure tunnel group
- Group name
- Group policies
- Configure NHRP server
- Configure ipsec profile
- Router Protocols
First defined the IKE polices on hub router
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
encryption des
crypto isakmp key phonenet address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
crypto ipsec profile dvpn
set transform-set ts1
interface Loopback0
ip address 192.168.1.1 255.255.255.0
interface Tunnel0
ip address 172.16.0.1 255.255.0.0
ip mtu 1416
ip nhrp authentication corvit
ip nhrp map multicast dynamic
ip nhrp network-id 99
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile dvpn
router eigrp 1
network 172.16.0.0
network 192.168.1.0
auto-summary
end
Configuring the Spoke for DMVPN
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
encryption des
crypto isakmp key phonenet address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
crypto ipsec profile dvpn
set transform-set ts1
interface Loopback0
ip address 192.168.2.2 255.0.0.0
interface Tunnel0
ip address 172.16.0.2 255.255.0.0
ip mtu 1416
ip nhrp authentication corvit
ip nhrp map 172.16.0.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 99
ip nhrp nhs 172.16.0.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile dvpn
router eigrp 1
network 172.16.0.0
network 192.168.2.0
auto-summary
Dear learner,
If you don’t know anything about DMVPN, check out these links: DMVPN Configuration