A Comprehensive Connectivity Master Plan: Constructing a DMVPN to Bridge the Gap Between Head Office and Remote Workspaces

Unleash Efficiency: A Comprehensive Connectivity Master Plan: Constructing a DMVPN (Dynamic Multipoint Virtual Private Network) to Bridge the Gap Between Head Office and Remote Workspaces

These days almost all Companies may need to interconnect their many sites (Branch sites) to the main site (Head office), and perhaps also to each other, across the Internet while encrypting the traffic to protect it.

Here is the best solution for said query...

We will go through the steps to be done first on hub (Head Office) and then on spokes (Branch office):

R1 HUB no IPsec yet

show ip int brief

conf t
int tunnel 0
tunnel source gig 1/0
tunnel mode gre multipoint instead of specifying destination we specify dynamic multipoint vpn
tunnel key 6783 tunnel key should match on any incoming traffic 


NHRP (Next Hop Resolution Protocol) configuration

ip nhrp network-id 1 network ID should be match
ip nhrp authentication cisco123
ip nhrp map multicast dynamic to learn the NBMA address dynamically
ip nhrp shortcut
ip nhrp redirect
Above mentioned two commands are belongs to phase 3

ip address 172.16.0.1 255.255.255.0 IP address for GRE

tunnel path-mtu-discovery
no tunnel path-mtu-discovery

ip mtu 1400
ip tcp adjust-mss 1360
end

Spoke R2 :
conf t
interface tunnel 0
tunnel mode gre multipoint
tunnel source gig 1/0
tunnel key 6783 Tunnel key should be same as mentioned above

ip nhrp network-id 1  network ID should be match
ip nhrp authentication cisco123
ip nhrp shortcut
ip nhrp nhs 172.16.0.1
ip nhrp map 172.16.0.1 15.0.0.1
ip nhrp map multicast 15.0.0.1

ip address 172.16.0.2 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
end

R3
conf t
interface tunnel 0
tunnel mode gre multipoint
tunnel source gig 1/0
tunnel key 6783

ip nhrp network-id 1
ip nhrp authentication cisco123
ip nhrp nhs 172.16.0.1
ip nhrp map 172.16.0.1 15.0.0.1
ip nhrp map multicast 15.0.0.1
ip nhrp shortcut

ip address 172.16.0.3 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
end

R4
conf t
interface tunnel 0
tunnel mode gre multipoint
tunnel source gig 1/0
tunnel key 6783

ip nhrp network-id 1
ip nhrp authentication cisco123
ip nhrp nhs 172.16.0.1
ip nhrp map 172.16.0.1 15.0.0.1
ip nhrp map multicast 15.0.0.1
ip nhrp shortcut

ip address 172.16.0.4 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
end

R1 hub routing
show ip nhrp

To advertise the networks
R1#conf t
router eigrp 777
no auto-summary
network 10.0.0.0
network 172.16.0.0
exit

To disable split-horizon on eigrp
interface tunnel 0
no ip next-hop-self eigrp 777 : to disable next-hop-self
no ip split-horizon eigrp 777
end

To verify which protocol is working on R2-R3-R4

show ip protocols

To configure EIGRP on R2-R3-R4

conf t
router eigrp 777
no auto-summary
network 10.0.0.0
network 172.16.0.0
end

Verification

R1
show ip eigrp neighbors
show ip route eigrp

R2
show ip route eigrp

show ip route 10.4.4.4

show ip nhrp summary

show ip nhrp

debug nhrp

ping 10.4.4.4 repeat 1 source g 2/0

undebug all

show ip nhrp brief