Chapter11 DMVPN
Dynamic Multipoint VPN
11-4
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08

Digital Certificates

Select this button if your router uses digital certificates for authentication. Digital
certificates are configured under VPN Components>Public Key Infrastructure.

Confirm Pre-Shared Key

Reenter the key for confirmation. If the values in this field and the Pre-Shared Key
field do not match, SDM prompts you to reenter them.
Hub GRE Tunnel Interface Configuration
Multipoint Generic Routing Encapsulation (mGRE) is used in a DMVPN network
to allow a single GRE interface on a hub to support an IPSec tunnel to each spoke
router. This greatly simplifies DMVPN configuration. GRE allows routing
updates to be sent over IPSec connections.

Select the interface that connects to the Internet

Select the router interface that connects to the Internet. The GRE tunnel originates
from this interface.
Selecting an interface that uses a dialup connection may cause the connection to
be always up. You can examine supported interfaces in Interfaces and
Connections to determine if a dialup connection. Typically, interfaces such as
ISDN or Asynchronous Serial will be configured for a dialup connection.
IP Address
Enter the IP address for the mGRE interface . This must be a private address and
be in the same subnet as the GRE interfaces of the othe r routers in the network.
For example, the GRE interfaces might share the subnet 10.10.6.0, and be given
IP addresses in the range 10.10.6.1 through 10.10.6.254.
Subnet Mask
Enter the mask for the subnet that the GRE interfaces are in. For example, the
mask for the subnet 10.10.6.0 could be 255.255.255.0. For more infor mation, see
IP Addresses and Subnet Masks.