Unleash Efficiency: A Comprehensive Connectivity Master Plan: Constructing a DMVPN (Dynamic Multipoint Virtual Private Network) to Bridge the Gap Between Head Office and Remote Workspaces
These days almost all Companies may need to interconnect their many sites (Branch sites) to the main site (Head office), and perhaps also to each other, across the Internet while encrypting the traffic to protect it.
Here is the best solution for said query...
We will go through the steps to be done first on hub (Head Office) and then on spokes (Branch office):
R1 HUB no IPsec yet
show ip int brief
conf t
int tunnel 0
tunnel source gig 1/0
tunnel mode gre multipoint instead of specifying destination we specify dynamic multipoint vpn
tunnel key 6783 tunnel key should match on any incoming traffic
NHRP (Next Hop Resolution Protocol) configuration
ip nhrp network-id 1 network ID should be match
ip nhrp authentication cisco123
ip nhrp map multicast dynamic to learn the NBMA address dynamically
ip nhrp shortcut
ip nhrp redirect
Above mentioned two commands are belongs to phase 3
ip address 172.16.0.1 255.255.255.0 IP address for GRE
tunnel path-mtu-discovery
no tunnel path-mtu-discovery
ip mtu 1400
ip tcp adjust-mss 1360
end
Spoke R2 :
conf t
interface tunnel 0
tunnel mode gre multipoint
tunnel source gig 1/0
tunnel key 6783 Tunnel key should be same as mentioned above
ip nhrp network-id 1 network ID should be match
ip nhrp authentication cisco123
ip nhrp shortcut
ip nhrp nhs 172.16.0.1
ip nhrp map 172.16.0.1 15.0.0.1
ip nhrp map multicast 15.0.0.1
ip address 172.16.0.2 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
end
R3
conf t
interface tunnel 0
tunnel mode gre multipoint
tunnel source gig 1/0
tunnel key 6783
ip nhrp network-id 1
ip nhrp authentication cisco123
ip nhrp nhs 172.16.0.1
ip nhrp map 172.16.0.1 15.0.0.1
ip nhrp map multicast 15.0.0.1
ip nhrp shortcut
ip address 172.16.0.3 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
end
R4
conf t
interface tunnel 0
tunnel mode gre multipoint
tunnel source gig 1/0
tunnel key 6783
ip nhrp network-id 1
ip nhrp authentication cisco123
ip nhrp nhs 172.16.0.1
ip nhrp map 172.16.0.1 15.0.0.1
ip nhrp map multicast 15.0.0.1
ip nhrp shortcut
ip address 172.16.0.4 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
end
R1 hub routing
show ip nhrp
To advertise the networks
R1#conf t
router eigrp 777
no auto-summary
network 10.0.0.0
network 172.16.0.0
exit
To disable split-horizon on eigrp
interface tunnel 0
no ip next-hop-self eigrp 777 : to disable next-hop-self
no ip split-horizon eigrp 777
end
To verify which protocol is working on R2-R3-R4
show ip protocols
To configure EIGRP on R2-R3-R4
conf t
router eigrp 777
no auto-summary
network 10.0.0.0
network 172.16.0.0
end
Verification
R1
show ip eigrp neighbors
show ip route eigrp
R2
show ip route eigrp
show ip route 10.4.4.4
show ip nhrp summary
show ip nhrp
debug nhrp
ping 10.4.4.4 repeat 1 source g 2/0
undebug all
show ip nhrp brief