If you're using DMVPN Phase 3 you're better off running OSPF in point-to-multipoint as opposed to broadcast. It simplifies the database lookup for OSPF, and avoids potential cases where spokes are isolated from the network if the DR/BDR election fails.
During your migration just set the OSPF cost of the new DMVPN tunnels to a high value, so you will prefer your old static IPsec over GRE until you can verify that the DMVPN network is actually working as you want. You may consider running a separate OSPF process over the new DMVPN network during your migration, which means that it won't interfere with any of the path selection of your current network. All you'd need to do then is set the administrative distance of the new OSPF process to higher than 110, so the original process is preferred. This way when your migration is complete you can simply set the new process to a lower distance to be preferred, and routing should happen over the DMVPN network, but if you need to roll back you just need to raise the distance again.
So in short, like Frog said, yes you can do it. The tunnel key will allow the router to figure out which GRE traffic belongs to the old static tunnels vs. the new DMVPN network.
HTH,
Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
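The cost-based variant of the migration described in the reply above, written out as an added example; it is not configuration from any poster in this thread. All addresses, interface names, the NHRP network-id, the tunnel key value 100 and the IPsec profile name DMVPN-PROF (assumed to be defined already) are assumptions.

```cisco
! Constructed example: every address, number and name below is a placeholder.
!
! --- Hub: new DMVPN Phase 3 tunnel, same OSPF process as the old tunnels ---
interface Tunnel100
 ip address 10.100.0.1 255.255.255.0
 ip nhrp network-id 100
 ip nhrp map multicast dynamic
 ! Phase 3: hub sends NHRP redirects so spokes build direct tunnels
 ip nhrp redirect
 ! point-to-multipoint: no DR/BDR election on the DMVPN cloud
 ip ospf network point-to-multipoint
 ! Must exceed the cost of the existing static GRE path during migration
 ip ospf cost 65535
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ! Distinguishes DMVPN GRE packets from the old static tunnels
 tunnel key 100
 tunnel protection ipsec profile DMVPN-PROF
!
router ospf 1
 network 10.100.0.0 0.0.0.255 area 0
!
! --- Spoke: one tunnel interface registering with the hub ---
interface Tunnel100
 ip address 10.100.0.11 255.255.255.0
 ip nhrp network-id 100
 ! 203.0.113.1 stands in for the hub's public static address
 ip nhrp nhs 10.100.0.1
 ip nhrp map 10.100.0.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ! Phase 3: spoke installs shortcut routes learned from redirects
 ip nhrp shortcut
 ip ospf network point-to-multipoint
 ip ospf cost 65535
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN-PROF
!
router ospf 1
 network 10.100.0.0 0.0.0.255 area 0
```

Once `show dmvpn` and `show ip ospf neighbor` confirm the new tunnels are up, lowering `ip ospf cost` on Tunnel100 below the old tunnels' cost moves traffic to DMVPN, and raising it again rolls back.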
________________________________________
From: nobody_at_groupstudy.com [nobody_at_groupstudy.com] On Behalf Of Radioactive Frog [pbhatkoti_at_gmail.com]
Sent: Saturday, October 29, 2011 6:15 PM
To: Paul Tim
Cc: Cisco certification
Subject: Re: DMVPN
Certainly you can do that without any issue. In a nutshell, if you are
running OSPF, make sure you assign:
a) bandwidth N and ospf priority 1 on Hub1. + key phase2 key abc123 and
0.0.0.0 (wildcard)
b) bandwidth (N-1) and ospf priority 10 (lower than Hub1) on hub2. +
isakmp key abc123 and 0.0.0.0
c) GRE multipoint on hub1 and hub2
d) each remote site - one tunnel interface, pointing to both hubs.
On Sun, Oct 30, 2011 at 7:13 AM, Paul Tim <paultim68_at_gmail.com> wrote:
> Hello Experts
> I got One Hub and 30 Spokes as VPN Server and Client. VPN Server is running
> on 3800 series box with Public Static IP and clients are mixed i.e 1800
> series / ASA / 877 / 2800. Some Clients are with Public Static IP and some
> are Dynamic IP. When it's Router-to-Router VPN then we configure IPSEC over
> GRE to avoid creating ACL to allow or deny access.
> OSPF is the Routing protocol for all sites.
>
> I am planning to move to DMVPN with Dual Hub for load sharing and
> redundancy. Second Hub Server will come at a later stage.
>
> My question is can I run DMVPN on my existing Hub Router with existing
> configuration of site to site VPN. Appreciate input on migration plan in
> similar scenario.
>
> cheers
> Paul
>
>
> Blogs and organic groups at http://www.ccie.net
Received on Sat Oct 29 2011 - 21:39:56 ART
This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART