RE: DMVPN Spokes

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Wed, 5 Jan 2011 12:26:26 +0530

Simplify and use dual hub single network. Here is the configuration for
you.

i.e.
Hub1
interface Tunnel1
 ip mtu 1400
 ip address 192.168.1.1 255.255.255.0
 ip nhrp map multicast dynamic
 ip nhrp map multicast <second-hub-nbma>
 ip nhrp map 192.168.1.2 <second-hub-nbma>
 ip nhrp nhs 192.168.1.2
 ip nhrp network-id 12
 ip nhrp redirect
 ip nhrp shortcut
 tunnel mode gre multipoint
 tunnel path-mtu-discovery
 tunnel source <outside-interface>

Hub2
interface Tunnel1
 ip mtu 1400
 ip address 192.168.1.2 255.255.255.0
 ip nhrp map multicast dynamic
 ip nhrp map multicast <first-hub-nbma>
 ip nhrp map 192.168.1.1 <first-hub-nbma>
 ip nhrp nhs 192.168.1.1
 ip nhrp network-id 12
 ip nhrp redirect
 ip nhrp shortcut
 tunnel mode gre multipoint
 tunnel path-mtu-discovery
 tunnel source <outside-interface>

Spoke1
interface Tunnel1
 ip mtu 1400
 ip address 192.168.1.3 255.255.255.0
 ip nhrp map multicast <first-hub-nbma>
 ip nhrp map multicast <second-hub-nbma>
 ip nhrp map 192.168.1.1 <first-hub-nbma>
 ip nhrp map 192.168.1.2 <second-hub-nbma>
 ip nhrp nhs 192.168.1.1
 ip nhrp nhs 192.168.1.2
 ip nhrp network-id 12
 ip nhrp redirect
 ip nhrp shortcut
 tunnel mode gre multipoint
 tunnel path-mtu-discovery
 tunnel source <outside-interface>

If using OSPF do the following on all three:
ip ospf network point-to-multipoint

If using EIGRP do the following on the hubs. Personally I recommend OSPF
though:
no ip split-horizon eigrp <as>

I didn't show the IPsec encryption parameters as you can decide whether you
want to use GetVPN or IPsec profiles.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
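
Added example, not part of the message above or of anyone's configuration in this thread: a small Python check for the two things that are easy to get wrong when adapting the stanzas above, namely an NHS without its matching static and multicast NHRP maps, and a tunnel left without IPsec protection. The NBMA addresses and the profile name DMVPN-PROF are constructed placeholders, and the check assumes the IOS form "ip nhrp map <tunnel-ip> <nbma>".

```python
import re

# Constructed sample: the spoke stanza from this thread with documentation
# addresses standing in for the hub NBMA placeholders, plus an assumed
# IPsec profile name (DMVPN-PROF) that does not appear in the thread.
SPOKE_GOOD = """\
interface Tunnel1
 ip address 192.168.1.3 255.255.255.0
 ip nhrp map multicast 198.51.100.1
 ip nhrp map multicast 198.51.100.2
 ip nhrp map 192.168.1.1 198.51.100.1
 ip nhrp map 192.168.1.2 198.51.100.2
 ip nhrp nhs 192.168.1.1
 ip nhrp nhs 192.168.1.2
 ip nhrp network-id 12
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
"""
# Same stanza with every hub-2 mapping and the IPsec line removed,
# while 'ip nhrp nhs 192.168.1.2' is left behind.
SPOKE_BAD = "\n".join(l for l in SPOKE_GOOD.splitlines()
                      if "198.51.100.2" not in l and "protection" not in l)

def lint_tunnel(config):
    """Return a list of findings for one DMVPN tunnel interface stanza."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    nhs, static_map, mcast = [], {}, set()
    for line in lines:
        if m := re.fullmatch(r"ip nhrp nhs (\S+)", line):
            nhs.append(m.group(1))
        elif m := re.fullmatch(r"ip nhrp map multicast (\S+)", line):
            mcast.add(m.group(1))          # NBMA address or 'dynamic'
        elif m := re.fullmatch(r"ip nhrp map (\S+) (\S+)", line):
            static_map[m.group(1)] = m.group(2)   # tunnel IP -> NBMA
    findings = []
    for server in nhs:
        nbma = static_map.get(server)
        if nbma is None:
            findings.append(f"NHS {server}: no static 'ip nhrp map {server} <nbma>'")
        elif nbma not in mcast:
            findings.append(f"NHS {server}: no 'ip nhrp map multicast {nbma}'")
    if not any(l.startswith("tunnel protection ipsec profile ") for l in lines):
        findings.append("no 'tunnel protection ipsec profile' on the tunnel; "
                        "unless GETVPN covers it, mGRE traffic is cleartext")
    return findings

if __name__ == "__main__":
    for name, cfg in (("good", SPOKE_GOOD), ("bad", SPOKE_BAD)):
        print(name, lint_tunnel(cfg))
```
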

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
sameer inam
Sent: Wednesday, January 05, 2011 11:08 AM
To: negron.paul_at_gmail.com; dcp_at_dcptech.com; amsoares_at_netcabo.pt;
ccielab_at_groupstudy.com
Subject: RE: DMVPN Spokes

I'm using 2811 at first Hub and 1841 router on second hub ... spoke site 1841
router

> Date: Tue, 4 Jan 2011 11:55:29 -0700
> Subject: Re: DMVPN Spokes
> From: negron.paul_at_gmail.com
> To: dcp_at_dcptech.com; i_sameer_at_hotmail.com; amsoares_at_netcabo.pt;
> ccielab_at_groupstudy.com
>
> What Hardware are you using for your hub?
> --
> Paul Negron
> CCIE# 14856 CCSI# 22752
> Senior Technical Instructor
> www.micronicstraining.com
>
>
>
> > From: David Prall <dcp_at_dcptech.com>
> > Organization: DCP Technologies
> > Reply-To: David Prall <dcp_at_dcptech.com>
> > Date: Tue, 4 Jan 2011 13:44:57 -0500
> > To: 'sameer inam' <i_sameer_at_hotmail.com>, <amsoares_at_netcabo.pt>,
> > <ccielab_at_groupstudy.com>
> > Subject: RE: DMVPN Spokes
> >
> > Can't tell you without knowing more. At this point - Upgrade to the latest
> > code and if you continue to have the issue send "sh tech"'s and drawing of
> > the network.
> >
> > --
> > http://dcp.dcptech.com
> >
> >
> >> -----Original Message-----
> >> From: sameer inam [mailto:i_sameer_at_hotmail.com]
> >> Sent: Tuesday, January 04, 2011 1:32 PM
> >> To: dcp_at_dcptech.com; amsoares_at_netcabo.pt; ccielab_at_groupstudy.com
> >> Subject: RE: DMVPN Spokes
> >>
> >> I'm using OSPF routing protocol. It looks like there is no routing loop.
> >> The issue which I have seen is packets being lost after some time to
> >> their destination. I can see when the one ping to DMVPN hub stopped and
> >> other one working fine at that crypto keep up. NHRP stable but ping
> >> responses stopped with one hub and other one worked fine ...
> >>
> >> If you could advise me how we can fix this issue it will be much
> >> appreciated.
> >>
> >> Sameer
> >>
> >>> From: dcp_at_dcptech.com
> >>> To: i_sameer_at_hotmail.com; amsoares_at_netcabo.pt; ccielab_at_groupstudy.com
> >>> Subject: RE: DMVPN Spokes
> >>> Date: Tue, 4 Jan 2011 10:36:51 -0500
> >>>
> >>> Fails after 30 minutes, 30 minutes exactly? What timer is kicking off at 30
> >>> Minutes, ISAKMP is 24 Hours by default, IPSec is 1 hour by default, Routing
> >>> Protocols are nowhere near 30 minutes (15 seconds EIGRP, 40 seconds OSPF),
> >>> NHRP Holdtime is 2 hours by default.
> >>>
> >>> What routing protocol are you using?
> >>> What do your configs actually look like?
> >>> What does your routing table look like, are you creating a routing loop that
> >>> is causing other issues?
> >>>
> >>> David
> >>>
> >>> --
> >>> http://dcp.dcptech.com
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >>>> sameer inam
> >>>> Sent: Tuesday, January 04, 2011 8:23 AM
> >>>> To: amsoares_at_netcabo.pt; dcp_at_dcptech.com; ccielab_at_groupstudy.com
> >>>> Subject: RE: DMVPN Spokes
> >>>>
> >>>> Have one spoke router, two different hubs ... no, I haven't tried VRF ...
> >>>>
> >>>>> From: amsoares_at_netcabo.pt
> >>>>> To: i_sameer_at_hotmail.com; dcp_at_dcptech.com; ccielab_at_groupstudy.com
> >>>>> Subject: RE: DMVPN Spokes
> >>>>> Date: Tue, 4 Jan 2011 13:19:24 +0000
> >>>>>
> >>>>> So you want to simulate several spokes on a single router? Have you tried
> >>>>> using VRFs?
> >>>>>
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Antonio Soares, CCIE #18473 (R&S/SP)
> >>>>> amsoares_at_netcabo.pt
> >>>>>
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >>>>> sameer inam
> >>>>> Sent: Tuesday, 4 January 2011 12:34
> >>>>> To: dcp_at_dcptech.com; ccielab_at_groupstudy.com
> >>>>> Subject: RE: DMVPN Spokes
> >>>>>
> >>>>> I tried all the options which you told me .. it worked for 30 min and then
> >>>>> one of the tunnels drops. Any advice?
> >>>>>
> >>>>>> From: dcp_at_dcptech.com
> >>>>>> To: i_sameer_at_hotmail.com
> >>>>>> Subject: RE: DMVPN Spokes
> >>>>>> Date: Sat, 1 Jan 2011 16:25:31 -0500
> >>>>>>
> >>>>>> You'll need different nhrp IDs and tunnel keys if they are using the same
> >>>>>> source address/interface. If using tunnel protection you will need the
> >>>>>> shared keyword. You should be able to look at the DMVPN SRND on dual tunnel
> >>>>>> dual dmvpn designs.
> >>>>>>
> >>>>>> --
> >>>>>> http://dcp.dcptech.com
> >>>>>>
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: sameer inam [mailto:i_sameer_at_hotmail.com]
> >>>>>>> Sent: Saturday, January 01, 2011 3:45 PM
> >>>>>>> To: dcp_at_dcptech.com
> >>>>>>> Subject: RE: DMVPN Spokes
> >>>>>>>
> >>>>>>> OK, I tried to use different key, different profile protection (but
> >>>>>>> not with shared), different network ID on both tunnels, but source
> >>>>>>> tunnel is same. I will try to use different source and also shared
> >>>>>>> keyword with profile protection. Do you have any document for
> >>>>>>> that? I really appreciate your kind help.
> >>>>>>>
> >>>>>>> Sameer
> >>>>>>>
> >>>>>>>> From: dcp_at_dcptech.com
> >>>>>>>> To: ron.wilkerson_at_gmail.com; i_sameer_at_hotmail.com;
> >>>>>>> ccielab_at_groupstudy.com
> >>>>>>>> Subject: RE: DMVPN Spokes
> >>>>>>>> Date: Sat, 1 Jan 2011 15:38:03 -0500
> >>>>>>>>
> >>>>>>>> If they are using the same source address/interface then you will have to use
> >>>>>>>> the shared keyword on tunnel protection. You will also need to use tunnel
> >>>>>>>> keys on both interfaces so that packets are dropped off on the correct
> >>>>>>>> tunnel. Otherwise you need to use dedicated source interfaces for each
> >>>>>>>> tunnel interface, such as a loopback for each.
> >>>>>>>>
> >>>>>>>> David
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> http://dcp.dcptech.com
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>> -----Original Message-----
> >>>>>>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >>>>>>>>> ron.wilkerson_at_gmail.com
> >>>>>>>>> Sent: Saturday, January 01, 2011 3:29 PM
> >>>>>>>>> To: sameer inam; ccielab_at_groupstudy.com
> >>>>>>>>> Subject: Re: DMVPN Spokes
> >>>>>>>>>
> >>>>>>>>> Google for cisco's dmvpn srnd
> >>>>>>>>> Sent from my Verizon Wireless BlackBerry
> >>>>>>>>>
> >>>>>>>>> -----Original Message-----
> >>>>>>>>> From: sameer inam <i_sameer_at_hotmail.com>
> >>>>>>>>> Date: Sat, 1 Jan 2011 20:16:33
> >>>>>>>>> To: <ron.wilkerson_at_gmail.com>; <ccielab_at_groupstudy.com>
> >>>>>>>>> Subject: RE: DMVPN Spokes
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> I tried with different DMVPN domain, Network-ID and Key and also
> >>>>>>>>> different profile but issue Tunnel was up for a while and then dropped.
> >>>>>>>>> Could you please advise any document?
> >>>>>>>>>
> >>>>>>>>> Thanks for your help
> >>>>>>>>>
> >>>>>>>>> Sameer
> >>>>>>>>>
> >>>>>>>>>> Subject: Re: DMVPN Spokes
> >>>>>>>>>> To: i_sameer_at_hotmail.com; ccielab_at_groupstudy.com
> >>>>>>>>>> From: ron.wilkerson_at_gmail.com
> >>>>>>>>>> Date: Sat, 1 Jan 2011 20:18:58 +0000
> >>>>>>>>>>
> >>>>>>>>>> Yes. Each tunnel will be in a different dmvpn domain.
> >>>>>>>>>> ------Original Message------
> >>>>>>>>>> From: sameer inam
> >>>>>>>>>> Sender: nobody_at_groupstudy.com
> >>>>>>>>>> To: ccielab_at_groupstudy.com
> >>>>>>>>>> ReplyTo: sameer inam
> >>>>>>>>>> Subject: DMVPN Spokes
> >>>>>>>>>> Sent: Jan 1, 2011 15:09
> >>>>>>>>>>
> >>>>>>>>>> Dear Experts,
> >>>>>>>>>>
> >>>>>>>>>> I have one router which is on Spoke end, and I have two different DMVPN Hubs,
> >>>>>>>>>> can I configure two spokes configuration on one single router? Please
> >>>>>>>>>> advise?
> >>>>>>>>>>
> >>>>>>>>>> Kind regards,
> >>>>>>>>>>
> >>>>>>>>>> Sameer
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Blogs and organic groups at http://www.ccie.net
> >>>>>>>>>>
> >>>>>>>>>> _______________________________________________________________________
> >>>>>>>>>> Subscription information may be found at:
> >>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jan 05 2011 - 12:26:26 ART

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART