Dynamic Spoke IPs in IPSec DMVPN

My DMVPN spokes are becoming Starlinks with dynamically changing WAN IPs. Is there an example config on how to configure a new DMVPN setup that is compatible with the spoke IPs changing? Currently, when the spoke gets a new IP…I’m adding another isakmp config line to the hub as shown below and I’d like to stop doing this:
crypto isakmp key MYKEY address 98.x.x.x

Hi David,

Have you seen EEM?

That’s what I would try first.

Rene

I am aware of EEM…and have used it in the past for random stuff. What is your thought on its use case here? I was hoping all I needed to do was change my hub to start using a crypto keyring accepting any IP with a really strong key? I’m building a new hub…so I can do whatever I want and migrate spokes to this new hub.

Hi David,

I’m a bit too quick, I had in mind that you had to change something on the spoke routers.

You’ll probably need to change crypto isakmp key to use address 0.0.0.0 0.0.0.0 so it accepts any spoke router. You might be able to filter on the IP range of Starlink using ACLs.

PSK is possible but if you have many spoke routers, the chance that something happens with a spoke router and you have to replace the PSK everywhere increases. If it’s only a couple of spoke routers it’s not much of an issue but with many, you might want to look into certificates.

Rene

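The hub-side options discussed in this thread, as an added example that is not part of any post above: a wildcard pre-shared key (global or in a keyring) plus an inbound ACL limiting who can start IKE. All names (DMVPN-KR, DMVPN-ISAKMP, DMVPN-IPSEC, WAN-IN-IKE), the interface, the tunnel addressing, the key placeholder and the 198.51.100.0/24 prefix standing in for the provider's range are assumptions.

```cisco
! BEFORE (from the thread): one key line per spoke address, edited on every IP change
!   crypto isakmp key MYKEY address 98.x.x.x
!
! Option A: global wildcard key, accepted from any peer address
!   crypto isakmp key REPLACE_WITH_LONG_RANDOM_PSK address 0.0.0.0 0.0.0.0
!
! Option B: the same wildcard key held in a keyring and bound to an ISAKMP profile
crypto keyring DMVPN-KR
 pre-shared-key address 0.0.0.0 0.0.0.0 key REPLACE_WITH_LONG_RANDOM_PSK
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
crypto isakmp profile DMVPN-ISAKMP
 keyring DMVPN-KR
 match identity address 0.0.0.0
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-IPSEC
 set transform-set DMVPN-TS
 set isakmp-profile DMVPN-ISAKMP
!
! mGRE hub tunnel: spokes register dynamically through NHRP, so no per-spoke address here
interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-IPSEC
!
! Narrow the wildcard: permit IKE, NAT-T and ESP only from the expected source range
! (198.51.100.0/24 is a constructed placeholder; merge these entries into the existing
!  WAN ACL, since an ACL containing only these lines drops all other inbound traffic)
ip access-list extended WAN-IN-IKE
 permit udp 198.51.100.0 0.0.0.255 any eq isakmp
 permit udp 198.51.100.0 0.0.0.255 any eq non500-isakmp
 permit esp 198.51.100.0 0.0.0.255 any
 deny   udp any any eq isakmp log
 deny   udp any any eq non500-isakmp log
!
interface GigabitEthernet0/0
 ip access-group WAN-IN-IKE in
```

With a wildcard key every spoke shares one secret, so a single compromised or replaced spoke means rotating the key on all of them, which is the scaling concern behind the certificate suggestion in the last reply.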