Cisco DMVPN Configuration Question
Ray Soucy
rps at maine.edu
Fri Aug 16 16:05:44 UTC 2013
Don't usually poke NANOG for a second pair of eyes, but got hit with an
urgent need to get connectivity up on a small budget.
I've run into a situation where I require multiple DMVPN spokes to be
behind a single NAT IP (picture of things to come with CGN?)
The DMVPN endpoint works fine behind NAT until a 2nd is added behind the
same IP address. At that point the hub gets confused and I start seeing
packet loss to the endpoints in a round-robin fashion.
As far as I can see Cisco documentation says pretty clearly that each DMVPN
spoke requires a unique IP address. Is there any way around this, or do I
need to be looking at an alternative VPN solution?
Hub config:
----8<----
description DMVPN
bandwidth 100000
ip address 10.231.254.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ! removed
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
ip tcp adjust-mss 1360
tunnel source ! removed
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile DMVPN
----8<----
Spoke:
----8<----
interface Tunnel2
description DMVPN
bandwidth 100000
ip vrf forwarding DMVPN
ip address 10.231.254.10 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ! removed
ip nhrp map multicast ! removed
ip nhrp map 10.231.254.1 ! removed
ip nhrp network-id 1
ip nhrp nhs 10.231.254.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile DMVPN
end
----8<----
--
Ray Patrick Soucy
Network Engineer
University of Maine System
T: 207-561-3526
F: 207-561-3531
MaineREN, Maine's Research and Education Network
www.maineren.net
More information about the NANOG
mailing list