Dynamic Multipoint VPN (DMVPN) Configuration

DMVPN (Dynamic Multipoint VPN) is a technique where we use multipoint GRE tunnels instead of GRE point-to-point tunneling.

Introduction to DMVPN

 

Hi Rene,

nice post. I have tried simulating this on GNS3 with no success.
Is it possible simulate DMVPN without IPSEC on GNS?

I’m using the below IOS image

C3725-ADVENTERPRISEK9-M Version 12.4(15)T5

Hi Ahmed,

Shouldn’t be a problem, I used the 12.4(15)T7 image on 3725 routers.

Rene

enabled debup dmvpn and getting this

NHRP: Encapsulation failed for destination 172.16.123.2 out Tunnel0

any ideas?

I’ll try with another IOS and report here if it works

one more thing: why do you include the router prompts in you examples? If you don’t it will be easier and faster to simulate and test.

Example: instead of

R1(config)#router ospf 1
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 172.16.123.0 0.0.0.255 area 0

use:

router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 172.16.123.0 0.0.0.255 area 0

I’m not lazy but this will simplify things especially for basic configs :slight_smile:

thank you.

Hmm I could just add the commands from the running-config, I’m lazy too and I pasted these as I was configuring everything :slight_smile: If you do a “show dmvpn” on the hub and spokes, do you see anything? Try to ping from the spokes to the hub so that they can register themselves.

If that doesn’t work, try a shut/no shut on the tunnel interfaces and try again. Did you try that debug on the hub router?

It worked after issuing (shut/no sh) under the tunnel interface and pinging from the spoke to the hub.

thanks Rene your posts here and on GNS3VAULT helped me a lot

cheers!

Glad to hear it’s working. I’ve seen this before, also after configuring IPSEC it sometimes helps to ‘bounce’ the tunnel interfaces.

thank you it is nice post.

Under the tunnel interface please tray below command

int tunnel 0
tunnel key 100 (Any number you can assign)

My tunnel interface started to working after the this rule.

Thanks for putting it so nicely :).

hi rene,

I wonder if this can add QoS settings as I would.

thanks

Hi Hector,

I haven’t tried it before with DMVPN but take a look at the “pre-classify” command. That might do the job.

Rene

Amazing, thank you Rene.

If the Spokes Fa0/0 interfaces are in different subnets, what will be the switch config?

Fantastic lab

Nice tutorial. i wish you used eigrp as the routing protocol of choice.

Hi Peter,

Why would you prefer EIGRP?

Rene

I maybe using EIGRP for my DMVPN Implementation

Ah ok, well if you can make it work with OSPF using my example then EIGRP shouldn’t be a problem.

Pretty well explained. I think it is very good one-page instructions how to set up DMVPN.
At home :wink:

Hi Rene, I tried this configuration in a lab for school and it worked really well at first. Pings were successful across my network, but then suddenly the tunnels would go down and OSPF started flapping. Here’s an example from the hub. I’m using a new Cisco 2900 router on the hub, and 2 Cisco 2811s as spokes and a 3550 switch in between…no config on the switch except for speed and duplex auto.

Nov 3 08:53:21.828: %OSPF-5-ADJCHG: Process 52, Nbr 192.168.123.2 on Tunnel0 fr
om FULL to DOWN, Neighbor Down: Dead timer expired

I’ve played with the mtu settings, first setting them all to 1400 and when that didn’t work I set them to mtu-ignore on interface tunnel 0, but that didn’t solve the flapping issue either. Do you have any suggestions on what I might have missed? Thanks!! Sam