Get 30% off ITprotv.com with: You can use promo code: OSCAROGANDO2 Follow Me on Twitter: https://twitter.com/CCNADailyTIPS
DMVPN stands for Dynamic Multipoint VPN. It is a technique where we can build a VPN network on hub-spoke topologies dynamically without having the need to configure the devices statically. DMVPN also supports IPsec encryption and hence is a popular technique for building tunnels over internet connectivity thus acting as an alternative to MPLS connectivity solutions. DMVPN is usually deployed in HUB and Spoke topologies. Hub has a single multipoint tunnel interface and all the spoke sites have a single point-point tunnel interface with Hub site.
DMVPN has three phases and in this post we will discuss the first DMVPN phase. In 1st phase there can’t be any Spoke to spoke communication directly. Any spoke that needs to speak to another spoke site has to go through a Hub site in phase 1.
DMVPN Phase 1 Commands Explained:
tunnel mode: by default the tunnel mode will be point-to-point GRE, we require a multipoint interface on the hub. tunnel source: the tunnel destinations will be dynamic but we still have to configure the source, our Gigabit0/1 interface. ip nhrp authentication: we can authenticate our NHRP traffic, it’s optional but a good idea to enable. I’m using pre-shared key “DMVPN”. ip nhrp map multicast dynamic: this command tells the hub router where to forward multicast packets to. Since the IP addresses of the spoke routers are unknown, we use dynamic to automatically add their IP addresses to the multicast destination list when the spokes register themselves. ip nhrp network-id: when you use multiple DMVPN networks, you need the network ID to differentiate between the two networks. This value is only locally significant but for troubleshooting reasons it’s best to use the same value on all routers.