DMVPN Configuration

The key takeaways are that DMVPN allows for dynamic establishment of VPN tunnels on an as-needed basis using mGRE and NHRP. This allows spoke routers to directly connect and route traffic to each other without traversing the hub router.

DMVPN allows VPN tunnels to be setup and torn down dynamically based on traffic needs using mGRE tunnels and NHRP. This allows spoke routers to connect directly to each other via these tunnels without using the hub router as an intermediary, improving network efficiency.

NHRP is used in DMVPN to allow interfaces configured for mGRE to dynamically discover the IP addresses of devices on the other end of a tunnel. This allows the spoke routers to learn each other's tunnel IP addresses and form direct tunnels without relying on static configurations.

• DMVPN: allows VPN tunnels to be set up and torn down on an as-needed basis.

• Multipoint GRE (mGRE): allows a single router interface to have multiple GRE tunnels.
• In a hub-and-spoke topology, DMVPN lets us connect spoke routers directly to each other without using the hub.
• This means traffic between our spoke routers goes directly from one spoke to the other without disturbing the hub router.

• HQ_INDIA interface Configuration:-

➢ HQ_INDIA(config)#interface fastEthernet 0/0
➢ HQ_INDIA(config-if)#description CONNECTED WITH SW1
➢ HQ_INDIA(config-if)#ip address 192.168.2.1 255.255.255.0
➢ HQ_INDIA(config-if)#no shut
➢ HQ_INDIA(config-if)#exit

➢ HQ_INDIA(config)#interface fastEthernet 0/1
➢ HQ_INDIA(config-if)#description CONNECTED WITH INTERNET
➢ HQ_INDIA(config-if)#ip address 100.100.100.2 255.255.255.252 {static IP needed on HQ}
➢ HQ_INDIA(config-if)#no shut
➢ HQ_INDIA(config-if)#exit

• Internet Router interfaces Configuration:-

➢ internet(config)#interface Ethernet 1/0
➢ internet(config-if)#description CONNECTED WITH HQ_INDIA
➢ internet(config-if)#ip address 100.100.100.1 255.255.255.252
➢ internet(config-if)#no shut
➢ internet(config-if)#exit

➢ internet(config)#interface fastEthernet 0/1
➢ internet(config-if)#description CONNECTED WITH BRANCH2
➢ internet(config-if)#ip address 100.100.100.9 255.255.255.252
➢ internet(config-if)#no shut
➢ internet(config-if)#exit

➢ internet(config)#interface fastEthernet 0/0
➢ internet(config-if)#description CONNECTED WITH BRANCH3
➢ internet(config-if)#ip address 100.100.100.5 255.255.255.252
➢ internet(config-if)#no shut
➢ internet(config-if)#exit

• DHCP server configuration for the Branch1 and Branch2 routers, which receive dynamic IP addresses
➢ We suppose that these connections are cable modem or DSL or any

➢ internet(config)#ip dhcp pool BRANCH2
➢ internet(dhcp-config)#default-router 100.100.100.9
➢ internet(dhcp-config)#network 100.100.100.8 255.255.255.252
➢ internet(dhcp-config)#exit

➢ internet(config)#ip dhcp pool BRANCH3
➢ internet(dhcp-config)#default-router 100.100.100.5
➢ internet(dhcp-config)#network 100.100.100.4 255.255.255.252
➢ internet(dhcp-config)#exit

• Branch_2 Router interfaces Configuration:-

➢ Branch_2(config)#interface fastEthernet 0/1
➢ Branch_2(config-if)#description CONNECTED WITH INTERNET
➢ Branch_2(config-if)#ip address dhcp
➢ Branch_2(config-if)#no shut
➢ Branch_2(config-if)#exit
➢ Branch_2(config)#interface fastEthernet 0/0
➢ Branch_2(config-if)#description CONNECTED WITH SW2
➢ Branch_2(config-if)#ip address 192.168.4.1 255.255.255.0
➢ Branch_2(config-if)#no shut
➢ Branch_2(config-if)#exit

• Branch_3 Router interfaces Configuration:-

➢ Branch_3(config)#interface fastEthernet 0/1
➢ Branch_3(config-if)#description CONNECTED WITH INTERNET
➢ Branch_3(config-if)#ip address dhcp
➢ Branch_3(config-if)#no shut
➢ Branch_3(config-if)#exit

➢ Branch_3(config)#interface fastEthernet 0/0
➢ Branch_3(config-if)#description CONNECTED WITH SW3
➢ Branch_3(config-if)#ip address 192.168.3.1 255.255.255.0
➢ Branch_3(config-if)#no shut
➢ Branch_3(config-if)#exit

Terms:-
• DMVPN: allows VPN tunnels to be set up and torn down on an as-needed basis.
• Multipoint GRE (mGRE): allows a single router interface to have multiple GRE tunnels.
• NHRP (Next Hop Resolution Protocol): allows an interface configured for mGRE to discover the IP address of the devices at the far end of a tunnel.

• Tunnel interface Configuration

➢ HQ_INDIA(config)#interface Tunnel 1
➢ HQ_INDIA(config-if)# ip address 10.250.250.1 255.255.255.0 {tunnel IP address}
➢ HQ_INDIA(config-if)# ip mtu 1400
➢ HQ_INDIA(config-if)# ip nhrp authentication cisco {authentication key}
➢ HQ_INDIA(config-if)# ip nhrp map multicast dynamic {send multicast to spokes as they register dynamically}
➢ HQ_INDIA(config-if)# ip nhrp network-id 1 {all routers use the same network ID}
➢ HQ_INDIA(config-if)# ip tcp adjust-mss 1360 {MSS: maximum segment size, the maximum TCP segment size}
➢ HQ_INDIA(config-if)# no ip split-horizon {disable split horizon}
➢ HQ_INDIA(config-if)# tunnel source FastEthernet0/1 {source interface}
➢ HQ_INDIA(config-if)# tunnel mode gre multipoint
➢ HQ_INDIA(config-if)#end

➢ HQ_INDIA(config)#ip route 0.0.0.0 0.0.0.0 f0/1


• Routing Protocol Configuration to advertise and form neighbor relationship
➢ HQ_INDIA(config)#router rip
➢ HQ_INDIA(config-router)#version 2
➢ HQ_INDIA(config-router)#network 192.168.2.0 {advertise LAN networks}
➢ HQ_INDIA(config-router)#network 10.250.250.0 {advertise tunnel networks}
➢ HQ_INDIA(config-router)#no auto-summary
➢ HQ_INDIA(config-router)#exit

• Branch_2 Router interfaces Configuration

➢ Branch_2(config)#interface Tunnel 1
➢ Branch_2(config-if)# ip address 10.250.250.2 255.255.255.0
➢ Branch_2(config-if)# ip mtu 1400
➢ Branch_2(config-if)# ip nhrp authentication cisco
➢ Branch_2(config-if)# ip nhrp map multicast dynamic
➢ Branch_2(config-if)# ip nhrp map 10.250.250.1 100.100.100.2 {map the HQ router: first its tunnel interface IP address, second its public IP address}
➢ Branch_2(config-if)# ip nhrp map multicast 100.100.100.2 {send multicast traffic to the HQ router's public address}
➢ Branch_2(config-if)# ip nhrp network-id 1
➢ Branch_2(config-if)# ip nhrp nhs 10.250.250.1 {NHS: next-hop server, the private IP address of the HQ tunnel interface}
➢ Branch_2(config-if)# ip tcp adjust-mss 1360
➢ Branch_2(config-if)# tunnel source FastEthernet0/1
➢ Branch_2(config-if)# tunnel mode gre multipoint
➢ Branch_2(config-if)#end

• Routing Protocol Configuration to advertise and form neighbor relationship

➢ Branch_2(config)#router rip
➢ Branch_2(config-router)#version 2
➢ Branch_2(config-router)#network 192.168.4.0 {advertise LAN networks}
➢ Branch_2(config-router)#network 10.250.250.0 {advertise tunnel networks}
➢ Branch_2(config-router)#no auto-summary
➢ Branch_2(config-router)#exit

➢ Branch_2(config)#ip route 0.0.0.0 0.0.0.0 f0/1

• Branch_3 Router Tunnel interface Configuration:-

➢ Branch_3(config)#interface Tunnel1
➢ Branch_3(config-if)# ip address 10.250.250.3 255.255.255.0
➢ Branch_3(config-if)# ip mtu 1400
➢ Branch_3(config-if)# ip nhrp authentication cisco
➢ Branch_3(config-if)# ip nhrp map multicast dynamic
➢ Branch_3(config-if)# ip nhrp map 10.250.250.1 100.100.100.2 {map the HQ router: first its tunnel interface IP address, second its public IP address}
➢ Branch_3(config-if)# ip nhrp map multicast 100.100.100.2 {send multicast traffic to the HQ router's public address}
➢ Branch_3(config-if)# ip nhrp network-id 1
➢ Branch_3(config-if)# ip nhrp nhs 10.250.250.1 {NHS: next-hop server, the private IP address of the HQ tunnel interface}
➢ Branch_3(config-if)# ip tcp adjust-mss 1360
➢ Branch_3(config-if)# tunnel source FastEthernet0/1
➢ Branch_3(config-if)# tunnel mode gre multipoint
➢ Branch_3(config-if)#end

• Routing Protocol Configuration to advertise and form neighbor relationship

➢ Branch_3(config)#router rip
➢ Branch_3(config-router)#version 2
➢ Branch_3(config-router)#network 192.168.3.0 {advertise LAN networks}
➢ Branch_3(config-router)#network 10.250.250.0 {advertise tunnel networks}
➢ Branch_3(config-router)#no auto-summary
➢ Branch_3(config-router)#exit

➢ Branch_3(config)#ip route 0.0.0.0 0.0.0.0 f0/1
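
The Tunnel 1 interfaces configured above carry plain mGRE: the NHRP authentication string travels in cleartext and the tunneled traffic is not encrypted. The following is an added example, not part of the original document, of layering IPsec on the same tunnels; the names DMVPN-TS and DMVPN-PROF, the policy number and the key placeholders are assumptions, and it assumes an IOS image with crypto support (older images may offer only `hash sha` and `esp-sha-hmac`).

```cisco
! Added example: apply the same settings on HQ_INDIA, Branch_2 and Branch_3.
! DMVPN-TS, DMVPN-PROF and the <...> placeholders are assumptions, not from the page.
!
! Phase 1 (ISAKMP) policy: must match on the hub and on every spoke.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! The branches get their public address by DHCP, so peers cannot be pinned
! by address. A wildcard pre-shared key is therefore shared by every router;
! use a long random value, or certificates to avoid a shared secret entirely.
crypto isakmp key <REPLACE-WITH-LONG-RANDOM-KEY> address 0.0.0.0 0.0.0.0
!
! Phase 2: encrypt and authenticate the GRE packets. Transport mode is enough
! because GRE already supplies the outer header.
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel1
 ! Replace the well-known string "cisco"; the NHRP string is at most 8 characters
 ! and is only protected from observation once the tunnel itself is encrypted.
 ip nhrp authentication <NEW-KEY>
 tunnel protection ipsec profile DMVPN-PROF
```

After applying it on all three routers, `show crypto isakmp sa` and `show crypto ipsec sa` should list a security association for each active tunnel peer.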

• Troubleshooting & Verification Commands

➢ show ip route
➢ show ip interface brief
➢ show ip protocols
➢ show ip nhrp
➢ show ip nhrp brief

• Now test with ping and traceroute:
PC2 to PC3
PC3 to PC2
PC1 to PC2
PC1 to PC3

➢ What we will see: traffic from PC2 to PC3 goes directly from Branch2 to Branch3.
➢ Traffic from PC3 to PC2 goes directly from Branch3 to Branch2.
➢ Both bypass the HQ to reach these destinations.
➢ If we ping our routers' 10.250.250.0/24 or 192.168.x.x networks from the internet router, the ping will fail.
➢ That means all our traffic is going through the multiple tunnels.

ccnaccnplinux.blogspot.com