DMVPN:
DMVPN stands for Dynamic Multipoint VPN. It is a technique for building a VPN network over a hub-and-spoke topology dynamically, without having to configure the devices statically.
How does the Spoke build IPsec Tunnels?
- IPsec profile has only the transform-set configured
- For the spoke-to-hub static tunnel:
  - Spokes know the IPsec peer (hub) from static NHRP mappings
  - Proxy ACL is dynamic: GRE between spoke and hub NBMA addresses
- For the spoke-to-spoke dynamic tunnel:
  - Spokes learn the IPsec peer (remote spoke) from an NHRP resolution request, which is routed via the hub
  - Proxy ACL is dynamic: GRE between the spokes' NBMA addresses
How does the Hub build IPsec Tunnels?
- IPsec profile has only the transform-set configured
- IPsec has to come up first, before NHRP
- The IPsec profile is like a dynamic crypto map:
  - Hub will just accept any IKEv1 request inbound on the NBMA address of the GRE tunnel
  - Proxy ACL is dynamic: GRE between hub and spoke NBMA addresses
Verification commands:
- show crypto isakmp sa (phase 1)
- show crypto ipsec sa (phase 2)
- show dmvpn detail
- show dmvpn
- show ip nhrp