Configuration.
!HUB:
!
!!ISAKMP Phase 1
crypto isakmp policy 10
authentication pre-share
hash md5
encr 3des
group 5
!
!!Wildcard key
crypto isakmp key Password123 address 0.0.0.0
!
crypto ipsec transform-set DMVPN_TRANSFORM_SET esp-des esp-md5-hmac
mode transport
!
!!IPSec phase 2
crypto ipsec profile DMVPN_PROFILE
set transform-set DMVPN_TRANSFORM_SET
!
interface Tunnel0
ip address 10.255.255.5 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication Password123
!!Hub is dynamic
ip nhrp map multicast dynamic
ip nhrp network-id 99
ip tcp adjust-mss 1360
no ip split-horizon eigrp 999
delay 1000
!!Enable DMVPN Phase 3 redirection on Hub
ip nhrp redirect
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DMVPN_PROFILE
!
!
############################################
!
!
!SPOKE:
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key Password123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN_TRANSFORM_SET esp-des esp-md5-hmac
!
crypto ipsec profile DMVPN_PROFILE
set transform-set DMVPN_TRANSFORM_SET
!
interface Tunnel0
ip address 10.255.255.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication Password123
!!Map Tunnel IP to Outside IP
ip nhrp map 10.255.255.5 10.0.125.5
!!Multicast map to the Hubs Outside IP.
ip nhrp map multicast 10.0.125.5
ip nhrp network-id 99
!!NHS should point to the Hub’s tunnel IP
ip nhrp nhs 10.255.255.5
!! Enable DMVPN Phase 3 shortcut and redirection
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
delay 1000
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DMVPN_PROFILE
!
!
Troubleshooting and Verification.
sh ip nhrp
sh ip nhrp nhs detail
sh crypto isakmp sa
sh crypto ipsec sa
sh dmvpn
debug crypto isakmp
debug crypto ipsec
debug nhrp
debug dmvpn all nhrp
0 Comments