Dynamips/GNS3, .net files, and Cisco networking labs.
Andrewhbk
New Member
Posts:
14
Joined:
Sat Apr 14, 2012 3:07 am
Certs:
CCNP,CCDA

DMVPN

Thu Apr 19, 2012 7:28 am

Hi Guys,

I got a question for this design, when I used the logical loopback address on Hub and spoke tunnel interface, it could not form the tunnel as I would like to see. But when I change it to physical interface, it can form the tunnel. I wonder where it went wrong. I event change the to using serial interface v.35 but still can form tunnel, only if i change to physical interface serial and add the appropriate ip route then it can worked. Please help!

Here the config
Hub
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MINE esp-3des
!
crypto ipsec profile DMVPN
set transform-set MINE
!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Tunnel0
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip mtu 1416
ip hold-time eigrp 1 35
no ip next-hop-self eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
no ip split-horizon eigrp 1
tunnel source loopback0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.1.100 255.255.255.0
serial restart-delay 0

router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.0.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 172.16.2.1 255.255.255.0 192.168.1.1

R2 as cloud
interface Serial1/0
description to Hub
ip address 192.168.1.1 255.255.255.0
serial restart-delay 0
clock rate 128000
no shut
!
interface Serial1/1
description to Spoke
ip address 192.168.2.1 255.255.255.0
serial restart-delay 0
clock rate 128000
no shut

Spoke
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MINE esp-3des
!
crypto ipsec profile DMVPN
set transform-set MINE
!
interface Loopback0
ip address 172.16.2.1 255.255.255.0
!
interface Tunnel0
ip address 10.1.1.2 255.255.255.0
no ip redirects
ip mtu 1416
ip hold-time eigrp 1 35
no ip next-hop-self eigrp 1
ip nhrp map multicast 172.16.1.1
ip nhrp map 10.1.1.1 172.16.1.1
ip nhrp network-id 1
ip nhrp nhs 10.1.1.1
no ip split-horizon eigrp 1
tunnel source loopback0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.2.2 255.255.255.0
serial restart-delay 0
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.0.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 172.16.1.1 255.255.255.255 192.168.2.1
Attachments
2012-04-19_201455.jpg
2012-04-19_201455.jpg (22.37 KiB) Viewed 2963 times

anubisg1
New Member
Posts:
5
Joined:
Sun Mar 27, 2011 1:47 am
Certs:
CCNA

Re: DMVPN

Tue Sep 01, 2015 5:44 am

yeah ... well...

your "internet" (R2) doesn't have routes for the loopbacks :) add proper static routers and you'll be good :)

add the following lines on R2:

ip route 172.16.1.1 255.255.255.0 192.168.1.100
ip route 172.16.2.1 255.255.255.0 192.168.2.2


Return to Dynamips/GNS3 and Labs

Who is online

Users browsing this forum: Majestic-12 [Bot] and 6 guests