Powered by Blogger.
RSS

ITD ::: How to configure Dynamic Multipoint VPN (DMVPN)

15:43 |

ITD ::: How to configure Dynamic Multipoint VPN (DMVPN)?

DMVPN stands for Dynamic Multipoint Virtual Private Network provides a secure, scalable network b y using IPsec  encryption, generic routing encapsulation (GRE) and Next Hop Resolution Protocol (NHRP).
How DMVPN works
  • DMVPN building the IPsec and GRE connection is an easy and scalable solution.
  • Hub router has a permanent tunnel to all spokes routers but not between spokes to spokes.
  • A spoke can send their packet to others spokes using the NHRP server.
Basic steps for DMVPN Configuration: 
First define the ISAKMP Policy.
·         Authentication
·         Hash
·         Encryption
·         Group
 Establish IPsec transform set.
·          Esp-des
·         Esp-md5-hmac
·         Esp-aes
·         Asp-sha-hmac
Configure tunnel group 
  • Group name     
  • Group policies    
  • Configure NHRP server
Configur ipsec profile
Router Protocols 
 
Configuring the Hub for DMVPN 
First defined the IKE polices on hub router
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
encryption des
crypto isakmp key phonenet address 0.0.0.0 0.0.0.0
crypto ipsec transform-set  ts1 esp-des esp-md5-hmac
crypto ipsec profile dvpn
set transform-set  ts1
interface Loopback0
ip address 192.168.1.1 255.255.255.0
interface Tunnel0
 ip address 172.16.0.1 255.255.0.0
 ip mtu 1416
 ip nhrp authentication corvit
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 12345
 tunnel protection ipsec profile dvpn
router eigrp 1
 network 172.16.0.0
 network 192.168.1.0
 auto-summary
end
Configuring the Spoke for DMVPN
 
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 encryption des
 crypto isakmp key phonenet address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
crypto ipsec profile dvpn
set transform-set ts1
interface Loopback0
 ip address 192.168.2.2 255.0.0.0
interface Tunnel0
 ip address 172.16.0.2 255.255.0.0
 ip mtu 1416
 ip nhrp authentication corvit
 ip nhrp map 172.16.0.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp network-id 99
 ip nhrp nhs 172.16.0.1
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 12345
 tunnel protection ipsec profile dvpn
router eigrp 1
 network 172.16.0.0
 network 192.168.2.0
   auto-summary

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS
Posted by Unknown

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Design Downloaded from Free Blogger Templates | Free Website Templates
Free Blogger Templates Free Joomla TemplatesFree Blogger TemplatesFree Website TemplatesFree Wordpress Themes TemplatesFree CSS TemplatesFree Wordpress ThemesFree CSS Templates dreamweaver