What is DMVPN?
DMVPN (Dynamic Multipoint Virtual Private Network) is a type of VPN that allows for dynamic, secure connectivity between multiple sites.
DMVPN uses a hub-and-spoke topology, with each spoke site connected to the hub site (which typically has a static IP address). Spoke sites can communicate with each other indirectly through the hub site, or directly if they have a direct IP connection.
DMVPN allows for greater flexibility and scalability than traditional VPNs, and can be used to connect sites that are geographically dispersed or changing. DMVPN is often used by organizations with remote employees or branch offices.
How does DMVPN (Dynamic Multipoint Virtual Private Network) work?
DMVPN works by creating a virtual private network (VPN) between multiple sites. A DMVPN network typically has a hub site, which has a static IP address, and spoke sites, which can communicate with each other indirectly through the hub site or directly if they have a direct IP connection.
What are the benefits of DMVPN?
DMVPN offers many benefits over traditional VPNs, including greater flexibility, scalability, and security. DMVPN can be used to connect sites that are geographically dispersed or changing, making it ideal for organizations with remote employees or branch offices.
Additionally, DMVPN offers enhanced security features, such as encryption and access control, that can help to protect your network from malicious actors.
What are the disadvantages of DMVPN?
DMVPN has a few disadvantages. Firstly, it can be difficult to troubleshoot because of the complex tunnelling that is happening. Secondly, DMVPN uses mGRE which can cause CPU utilization issues on the router. Lastly, because DMVPN uses dynamic crypto maps, it can be difficult to configure and manage.
How to configure Dynamic Multipoint VPN?
Lab Objectives:
- Assign IP addresses based on the topology
- Configure IP Routing
- Test Connectivity
- Configure DMVPN Tunnels
- Test VPN
Assign IP addresses according to the topology, for example:
ISP(config)# interface serial 1/0
ISP(config-if)# ip address 50.0.0.2 255.0.0.0
ISP(config-if)# no shutdown
ISP(config-if)# exit
Assign IP addresses on all router interfaces as shown in the topology.
After assigning all IP addresses to the routers, configure IP routing.
Configure IP routing (Default routing):
We configure a default route on the HQ and branch routers towards the ISP for unknown addresses.
Command for the default route: ip route 0.0.0.0 0.0.0.0 50.0.0.2, where the first 0.0.0.0 means any network, the second 0.0.0.0 means any subnet mask, and 50.0.0.2 is the next-hop IP address.
Test connectivity:
Before configuring DMVPN we need to test connectivity. That means pinging between the branch routers and the headquarters router; if they can reach each other, the configuration above is correct.
The ping was successful, so our configuration above is correct.
Configure IPsec over DMVPN:
UBL-HQ Router
UBL-HQ(config)# crypto isakmp enable
UBL-HQ(config)# crypto isakmp policy 10
UBL-HQ(config-isakmp)# encryption aes
UBL-HQ(config-isakmp)# hash sha
UBL-HQ(config-isakmp)# authentication pre-share
UBL-HQ(config-isakmp)# group 5
UBL-HQ(config-isakmp)# exit
UBL-HQ(config)# crypto isakmp key cisco123 address 1.0.0.2
UBL-HQ(config)# crypto isakmp key cisco123 address 2.0.0.2
UBL-HQ(config)# crypto isakmp key cisco123 address 3.0.0.2
UBL-HQ(config)# crypto isakmp key cisco123 address 4.0.0.2
UBL-HQ(config)# crypto ipsec transform-set data esp-aes esp-sha-hmac
UBL-HQ(cfg-crypto-trans)# exit
UBL-HQ(config)# crypto ipsec profile dmvpn
UBL-HQ(ipsec-profile)# set transform-set data
UBL-HQ(ipsec-profile)# exit
UBL-HQ(config)# interface Tunnel 0
UBL-HQ(config-if)# ip address 172.16.0.1 255.255.0.0
UBL-HQ(config-if)# tunnel source Serial1/0
UBL-HQ(config-if)# tunnel mode gre multipoint
UBL-HQ(config-if)# tunnel key 123456
UBL-HQ(config-if)# ip nhrp network-id 1
UBL-HQ(config-if)# ip nhrp map multicast dynamic
UBL-HQ(config-if)# ip nhrp authentication cisco123
UBL-HQ(config-if)# ip nhrp redirect
UBL-HQ(config-if)# no ip next-hop-self eigrp 100
UBL-HQ(config-if)# no ip split-horizon eigrp 100
UBL-HQ(config-if)# tunnel protection ipsec profile dmvpn
UBL-HQ(config-if)# exit
UBL-HQ(config)# router eigrp 100
UBL-HQ(config-router)# no auto-summary
UBL-HQ(config-router)# network 192.168.50.0
UBL-HQ(config-router)# network 172.16.0.0
UBL-HQ(config-router)# exit
UBL-Branch-1
UBL-Branch-1(config-isakmp)# group 5
UBL-Branch-1(config-isakmp)# exit
UBL-Branch-1(config)# crypto isakmp key cisco123 address 50.0.0.1
UBL-Branch-1(config)# crypto isakmp key cisco123 address 2.0.0.2
UBL-Branch-1(config)# crypto isakmp key cisco123 address 3.0.0.2
UBL-Branch-1(config)# crypto isakmp key cisco123 address 4.0.0.2
UBL-Branch-1(config)# crypto ipsec transform-set data esp-aes esp-sha-hmac
UBL-Branch-1(cfg-crypto-trans)# exit
UBL-Branch-1(config)# crypto ipsec profile dmvpn
UBL-Branch-1(ipsec-profile)# set transform-set data
UBL-Branch-1(ipsec-profile)# exit
UBL-Branch-1(config)# interface Tunnel 0
UBL-Branch-1(config-if)# ip address 172.16.0.2 255.255.0.0
UBL-Branch-1(config-if)# tunnel source Serial1/0
UBL-Branch-1(config-if)# tunnel mode gre multipoint
UBL-Branch-1(config-if)# tunnel key 123456
UBL-Branch-1(config-if)# ip nhrp network-id 1
UBL-Branch-1(config-if)# ip nhrp map multicast 50.0.0.1
UBL-Branch-1(config-if)# ip nhrp authentication cisco123
UBL-Branch-1(config-if)# ip nhrp shortcut
UBL-Branch-1(config-if)# ip nhrp nhs 172.16.0.1
UBL-Branch-1(config-if)# ip nhrp map 172.16.0.1 50.0.0.1
UBL-Branch-1(config-if)# no ip next-hop-self eigrp 100
UBL-Branch-1(config-if)# no ip split-horizon eigrp 100
UBL-Branch-1(config-if)# tunnel protection ipsec profile dmvpn
UBL-Branch-1(config-if)# exit
UBL-Branch-1(config)# router eigrp 100
UBL-Branch-1(config-router)# no auto-summary
UBL-Branch-1(config-router)# network 192.168.1.0
UBL-Branch-1(config-router)# network 172.16.0.0
UBL-Branch-1(config-router)# exit
Configure all the remaining spoke routers in the same way as UBL-Branch-1.
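The following Python check is an added example, not part of the original lab: it reads IOS configuration text like the UBL-HQ commands above and reports DH groups under 2048 bits, SHA-1 or MD5 hashes, a pre-shared key shared by several peers or reused as the NHRP authentication string, and an mGRE tunnel without tunnel protection. The function name `audit`, the finding codes and the sample text (constructed from the lab's commands with prompts stripped) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed input: UBL-HQ crypto and tunnel lines from the lab, prompts stripped.
HQ_CONFIG = """
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 1.0.0.2
crypto isakmp key cisco123 address 2.0.0.2
crypto ipsec transform-set data esp-aes esp-sha-hmac
interface Tunnel0
 tunnel mode gre multipoint
 ip nhrp authentication cisco123
 tunnel protection ipsec profile dmvpn
"""


def audit(config):
    """Return the sorted finding codes (names are this example's own) for IOS config text."""
    findings, psks, nhrp, mgre, protected = set(), Counter(), set(), set(), set()
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line closes the interface block
            iface = line[10:] if line.startswith("interface ") else None
        if re.fullmatch(r"group (1|2|5)", line):       # 768/1024/1536-bit MODP
            findings.add("dh-group-under-2048-bit")
        elif line in ("hash sha", "hash md5"):         # IOS "hash sha" is SHA-1
            findings.add("ike-hash-sha1-or-md5")
        elif m := re.fullmatch(r"crypto isakmp key (\S+) address \S+.*", line):
            psks[m[1]] += 1                            # count peers per key
        elif re.fullmatch(r"crypto ipsec transform-set .*\besp-(sha|md5)-hmac\b.*", line):
            findings.add("esp-hmac-sha1-or-md5")
        elif m := re.fullmatch(r"ip nhrp authentication (\S+)", line):
            nhrp.add(m[1])
        elif line == "tunnel mode gre multipoint":
            mgre.add(iface)
        elif line.startswith("tunnel protection ipsec profile "):
            protected.add(iface)
    if any(count > 1 for count in psks.values()):
        findings.add("psk-shared-by-peers")
    if nhrp & set(psks):                 # same secret used for IKE and NHRP
        findings.add("psk-reused-for-nhrp")
    if mgre - protected:                 # GRE multipoint with no IPsec profile
        findings.add("mgre-without-ipsec")
    return sorted(findings)
```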
Conclusion:
DMVPN is a great technology for those who are looking for a cost-effective way to provide redundant and scalable WAN-based remote access.
The DMVPN is a powerful tool that can be used to create a secure, reliable, and scalable VPN solution. It has many advantages over traditional VPN solutions, including the ability to dynamically adapt to changing network conditions, the ability to support multiple protocols, and the ability to provide a high degree of security.
However, the DMVPN also has some disadvantages, such as the potential for high latency and the need for careful configuration. Overall, the DMVPN is a flexible and powerful tool that can be used to create an effective VPN solution for a variety of needs.