Cisco Systems 3725, 831, 3745, 1751 manual Overview, Prerequisites, Limitations

SOLUTION OVERVIEW

CONFIGURING DYNAMIC MULTIPOINT VPN

WITH ON-DEMAND ROUTING

OVERVIEW

This document provides a sample configuration for configuring On-Demand Routing (ODR) with Dynamic Multipoint VPN (DMVPN) in hub to spoke configuration. The DMVPN feature simplifies the hub router IPsec configuration and supports dynamic IP addresses at the spoke router. DMVPN combines Generic Routing Encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). It provides IP routing for remote sites, while minimizing the overhead on the network devices. This sample configuration also allows load balancing with dual ODR hub routers, failover to a single hub when a hub router fails, and the recovery from a hub router failure when it is recovered.

Figure 1. Network Diagram

PREREQUISITES

The sample configuration is based on the following assumptions:

∙Public IP addresses for the hub routers (10.0.149.221 and 10.0.149.220)

∙DMVPN network for tunnel interface on both hubs are 192.168.1.0/24 and 192.168.2.0/24

∙Spoke router can use static IP or dynamic IP addresses

∙Example uses Enhanced Interior Gateway Routing Protocol (EIGRP) as its dynamic routing protocol

∙Example uses pre-shared keys for authentication

∙Disabled split tunneling for the spoke router; this allows the Internet traffic to go through the hub only

LIMITATIONS

This guide provides the DMPVN configuration, but does not cover the following configuration:

∙Full router security audit: run a Security Device Manager (SDM) security audit in the wizard mode to lock down and secure the router.

∙Initial router configuration step: full configuration is shown in the following section.

All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Page 1 of 16