7200emu.hacki.at

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

OK, thought I would make my little experiment available to the masses...while studying the DMVPN configurations and Idea's I created this lab to test myself. So, I thought I'd also make it available to those whom are studying for CCIE Security or advance CCSP. tell me what you think, please please...keep the thread clean don't bombard it with babble typing...PLEASE!

I'll post my configuration and .net files in a few days...Good Luck. Please PM me if you have questions about the options and requirements. Again, this is for those who are studying CCIE and Strong CCNP configurations, if you are not good with Frame-relay, Eigrp, Ospf, GRE tunnels, or IPSec this lab will be very hard for you........"wink, wink"....Thanks again for the awesome support everyone...!

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

ok, No takers......HMMMMM ok, here is the lab that I put together check it out if you want and let me know what you think...

There are two labs if you want them...

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

Here are the labs for the Dual HUB DMVPN configuration

x-men2 · Guest

Only one question:
Does these configs work?
(I´m not a english men and i miss the "spoke" router)

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

Yes, the .net file works great. and the configs are complete....

Us3rN4me · Joined: 01 Jun 2007 Posts: 22 Location: USA

Thank you for your post. I am working with your configs so as to understand DMVPN.

I've been tasked with setting up DMVPN as a backup link to the primary ethernet wireless connection. It is a single hub with eight spokes. The routing protocl is EIGRP.

My question involves at what point does traffic begin using the DMVPN tunnel if setup as a backup link? It sounds as if it isn't a DMVPN issue but rather an EIGRP config and which link has preference. Again, thanks for your post.

HUB
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key password address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ts_dmvpn esp-aes 256 esp-sha-hmac
!
crypto ipsec profile dmvpn
set transform-set ts_dmvpn
!
interface Tunnel0
description DMVPN Connection to the Internet
ip address 172.16.31.1 255.255.255.0
ip mtu 1400
ip nhrp authentication password123
ip nhrp map multicast dynamic
ip nhrp network-id 1234
tunnel source Gi0/1
tunnel key 2332
tunnel mode gre multipoint
tunnel protection ipsec profile dmvpn
bandwidth 100000
ip tcp adjust-mss 1360
ip nhrp holdtime 450
delay 1000
no ip split-horizon eigrp 100

spoke
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key password address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ts_dmvpn esp-aes 256 esp-sha-hmac
!
crypto ipsec profile dmvpn
set transform-set ts_dmvpn

interface Tunnel0
description DMVPN backup Link to Main
ip address 172.16.31.3 255.255.255.0
ip mtu 1400
ip nhrp authentication password123
ip nhrp map 172.16.31.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp nhs 172.16.31.1
ip nhrp network-id 1234
tunnel source vlan203
tunnel key 2332
tunnel mode gre multipoint
tunnel protection ipsec profile dmvpn
bandwidth 100000
ip tcp adjust-mss 1360
ip nhrp holdtime 450
delay 1000[/img]

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

What type of internet backup circuits are you using...FR, ISDN, EVDO, ?

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

What type of internet backup circuits are you using...FR, ISDN, EVDO, ?

Us3rN4me · Joined: 01 Jun 2007 Posts: 22 Location: USA

Cable Modem / DSL approx - 3 Mbps. up 1 Mbps down.

I have DMVPN setup and EIGRP recognizing both links. The current issue is EIGRP has equal cost load balancing and it is causing a slow down. What I'd like to do is setup Policy Based Routing so the Ethernet Wireless is the prefered route. Also, I am working with the Variance option too. Last, I am looking into whether two instances of EIGRP with Redist would help. My task involves optimizing EIGRP so the following takes place -

1.) Wireless is preferred Route
2.) Configure for fast convergence
3.) Or Configure unequal load balancing without performance hits.

nd0627 · Joined: 15 Aug 2006 Posts: 12

does anyone here know what software was used to draw dmvpn.png and dmvpn2.png ?

i'm currently using ms office visio 2k3. i am not sure if i'm just missing some modules.

thanks.

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

You can use MS Visio to save a copy of your visio as a .png. or you can use GNS3 and export the diagram which shows you a .png file.

Us3rN4me, I'm researching the answer to your question as it is a interesting one. If you want the DMVPN to be up all the time with the bulk of your traffic going over the Wireless link? Then the easiest way would be to use the varience command. If you looking for the DMVPN to only come-up when the primary link goes down, "this would be hard" I was looking at using a form of what we do in BGP with route watching, to bring up the DMVPN connections, but the answer is illusive. I wil lcontinue to try and formulate a working config, and if you find a solution I would be interested in seeing it. Thanks SanKilla

Us3rN4me · Joined: 01 Jun 2007 Posts: 22 Location: USA

nd0627
Packet Icons for Visio can be found here
http://www.cisco.com/web/about/ac50/ac47/2.html

sankilla - thank you for giving it some thought. For convergence time - having the DMVPN up all the time will be essestial - I'll go with the variance cmd.

Question: how do you enable "show DMVPN" cmd? I am using a C3640-JK9S-M 12.4(16) for my test lab. Cisco documentation states the command is not enabled.

sankilla · Joined: 21 Dec 2006 Posts: 140 Location: United States

Well, there is no DMVPN show commands, you will need to use the protocol show commands, remember nhrp is the protocol that really makes DMVPN work,,,much like TED from the old days...

router#show ip nhrp