Re: DMVPN

Hi,

Note that ASA does not support dmvpn.

You will probably end up with a mix.

Regards.
On Oct 30, 2011 6:25 AM, "Paul Tim" <paultim68_at_gmail.com> wrote:

> Thanks alot Brian & Frog.
> Let me put the config on txt file and share, to have your opinion.
>
> cheers
> Paul
>
>
> On Sun, Oct 30, 2011 at 5:39 AM, Brian McGahan <bmcgahan_at_ine.com> wrote:
>
> > If you're using DMVPN Phase 3 you're better off running OSPF in
> > point-to-multipoint as opposed to broadcast. It simplifies the database
> > lookup for OSPF, and avoids potential cases where spokes are isolated
> from
> > the network if the DR/BDR election fails.
> >
> > During your migration just set the OSPF cost of the new DMVPN tunnels to
> a
> > high value, so you will prefer your old static IPsec over GRE until you
> can
> > verify that the DMVPN network is actually working as you want. You may
> > consider running a separate OSPF process over the new DMVPN network
> during
> > your migration, which means that it won't interfere with any of the path
> > selection of your current network. All you'd need to do then is set the
> > administrative distance of the new OSPF process to higher than 110, so
> the
> > original process is preferred. This way when your migration is complete
> > you can simply set the new process to a lower distance to be preferred,
> and
> > routing should happen over the DMVPN network, but if you need to rollback
> > you just need raise the distance again.
> >
> > So in short, like Frog said, yes you can do it. The tunnel key will
> allow
> > the router to figure out which GRE traffic belongs to the old static
> > tunnels vs. the new DMVPN network.
> >
> > HTH,
> >
> >
> > Brian McGahan, CCIE #8593 (R&S/SP/Security)
> > bmcgahan_at_INE.com
> >
> > Internetwork Expert, Inc.
> > http://www.INE.com
> > ________________________________________
> > From: nobody_at_groupstudy.com [nobody_at_groupstudy.com] On Behalf Of
> > Radioactive Frog [pbhatkoti_at_gmail.com]
> > Sent: Saturday, October 29, 2011 6:15 PM
> > To: Paul Tim
> > Cc: Cisco certification
> > Subject: Re: DMVPN
> >
> > Certainly you can do that without any issue. In a hutshell, if u are
> > running OSPF, make sure you assign:
> > a) bandwidth N and ospf priority 1 on Hub1. + key phase2 key abc123 and
> > 0.0.0.0 (wildcard)
> > b) bandwidth (N-1) and ospf priority 10 (lower than Hub1) on hub2. +
> > isakmp key abc123 and 0.0.0.0
> >
> > c) Gre multippoint on hub1 and hub2
> > d) each remote site - one unnel interface, pointing to both hubs.
> >
> >
> > On Sun, Oct 30, 2011 at 7:13 AM, Paul Tim <paultim68_at_gmail.com> wrote:
> >
> > > Hello Experts
> > > I got One Hub and 30 Spokes as VPN Server and Client. VPN Server is
> > running
> > > on 3800 series box with Public Static IP and clients are mixed i.e 1800
> > > series / ASA / 877 / 2800. Some Clients are with Public Static Ip and
> > some
> > > are Dynamic IP. When its Router-to-Router VPN then we configure IPSEC
> > over
> > > GRE to avoid creating ACL to allow or deny access.
> > > OSPF is the Routing protocol for all sites.
> > >
> > > I am planning to move to DMVPN with Dual Hub for load sharing and
> > > redundancy. Second Hub Server will come at a later stage.
> > >
> > > My question is can I run DMVPN on my existing Hub Router with existing
> > > configuration of site to site VPN. Appreciate input on migration plan
> in
> > > similar scenario.
> > >
> > > cheers
> > > Paul
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Oct 30 2011 - 07:24:15 ART