Week 14

Configuring Cisco Dynamic Multipoint VPN (DMVPN) - Hub, Spokes, mGRE Protection and Routing - DMVPN Configuration

Introduction to DMVPN. Our DMVPN Introduction article covered the DMVPN concept and deployment designs.

We explained how DMVPN combines a number of technologies that give it its flexibility, low administrative overhead and ease of configuration. This article will cover the configuration of a Cisco DMVPN, including the Hub, Spokes, Routing and Protecting the mGRE Tunnel. It is highly advisable for those who haven’t read our Introduction to DMVPN to do so, as it contains basic concepts and theory that are important to the configuration process. Configuring DMVPN is simple if you’ve worked with GRE tunnels before. DMVPN as a design concept is essentially the combination of a protected GRE tunnel and Next Hop Resolution Protocol (NHRP).

DMVPN Explained. DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is a combination of the following technologies: 1) Multipoint GRE (mGRE) 2) Next-Hop Resolution Protocol (NHRP) 4) Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP) 3) Dynamic IPsec encryption 5) Cisco Express Forwarding (CEF). Assuming that the reader has a general understanding of what DMVPN is and a solid understanding of IPsec/CEF, we are going to describe the role and function of each component in detail. In this post we are going to illustrate two major phases of DMVPN evolution: 1) Phase 1 – Hub and Spoke (mGRE hub, p2p GRE spokes) 2) Phase 2 – Hub and Spoke with Spoke-to-Spoke tunnels (mGRE everywhere). As for DMVPN Phase 3 – “Scalable Infrastructure”, a separate post is required to cover the subject. Note: Before we start, I would like to thank my friend Alexander Kitaev for taking time to review the post and providing me with useful feedback.

Multipoint GRE R1: !

CVD-VPNWANDesignGuide-AUG13.pdf.

DMVPN: How this Cisco IOS technology can help cut 70% off your corporate phone bill, Part 1

If you work with Cisco IOS you need to know about DMVPN - the Dynamic Multipoint Virtual Private Network, which could help to cut up to 70% off your company's telephone bill.

George Morton, dual CCIE 18532, Router/Switch & Security of IT consultancy Madison Solutions, has written a whitepaper about this Cisco technology, which we will post over two parts. Part 1 begins today (Update: Part 2 is here.) Dynamic Multipoint Virtual Private Network (DMVPN) is an idea whose time has come. Now the telephone companies don’t want you to read about DMVPN. With up to 70% savings over your current MPLS and Frame Relay networks you are going to have to understand DMVPN.

Part 1 of this series will introduce DMVPN and Part 2 will discuss configurations.

EIGRP_Case_Study.pdf.

IPv6 over existing IPv4 DMVPN cloud

Disclaimer: This document is intended for educational purposes only.

IPv4 and IPv6 in December 2010. Migration to IPv6 is somewhat of a buzzword recently. IPv6 has been around for a while and the adoption rate is increasing. But frankly, things are lagging behind.

- Are all your vendors (software/hardware/network etc.)
- Are your providers providing IPv6 service?

But how does one evaluate what still needs to be done? You don't want to wake up in a few days realizing your proxy/loadbalancer/firewall does not pass IPv6. I've been thinking about the whole situation and where it leaves a lot of people:

- Multiple branches.
- Restrictions on changes to be done.
- Changes cannot affect existing functionality.
- No scalable way to deploy IPv6 over whole network topology.

Ideally we'd run everything dual stack; in practice, though, we have to rely on mechanisms such as 6to4 and ISATAP.

DMVPN is also GRE (over IPSec if one wants added security), which means you can use DMVPN to route both IPv4 and IPv6. ipv6 eigrp 101.

H-Reap Design and Deployment Guide

Introduction: Hybrid Remote Edge Access Point (H REAP) is a wireless solution for branch office and remote office deployments.

It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The H REAP access points can switch client data traffic locally and perform client authentication locally when the connection to the controller is lost. When connected to the controller, H REAPs can also tunnel traffic back to the controller. Prerequisites Requirements Hybrid REAP is supported only on the 1040, 1130, 1140, 1240, 1250, 3500, 1260, AP801, AP802 access points and on the Cisco WiSM, Cisco 5500, 4400, 2100, 2500, and Flex 7500 Series Controllers, the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Controller Network Module for Integrated Services Routers.

Components Used Conventions CAPWAP Operations Background The Hybrid Remote-Edge Access Point.

Dynamic Multipoint VPN (DMVPN) Design Guide (Version 1.1) - DMVPN Design and Implementation [Design Zone for IPv6]