Showing posts from June, 2014

CCIE RSv5 Transition Technologies, Topic 1: DMVPN

DMVPN is documented under "Security and VPN", for IOS 12.4T it can be found here.

TIP: If you need to clear the NHRP cache because you changed something in the configuration, bounce all the tunnels.
TIP: It's crucial that you decide if you need to use 1 or 2 Hubs in the Phase 1 of DMVPN based on your actual needs.

Let´s start by defining DMVPN. From a high level DMVPN a Point to Multipoint (PMP) Tunnel, and it's an Overlay Tunnel, which means that it's not a Peer to Peer VPN, but a Tunnel which is independent on the underlying transport. Basically DMVPN is a GRE over IPsec site-to-site tunnel, that allows you to use Dynamic Routing Protocols.

DMVPN is a Hub and Spoke network based on an Overlay, where each one of the Spokes establishes a GRE tunnel with the Hub. Spokes can then run EIGRP, OSPF or BGP over the tunnel with the Hub. Spokes communicate with the Hub using the Tunnel (static configuration), as a normal P2P GRE Tunnel. Spokes will be communicating with th…