Topology: DUAL DMVPN- Dynamic Multipoint VPN Over Frame-Relay Using EIGRPWritten by LBSources from http://www.gns3-labs.com on July 9th, 2008 | 1 Comment
This is a DMVPN lab taken from this thread. The author of the post pitched a scenario by which he wanted folks to submit their work showing their attempt at it.
This is the scenario…..
DUAL HUB DMVPN Challenge:
A customer has hired you to configure 4 routers for them. Their requirements are listed below, keep in mind that this is only the start and many more routers will follow as the company begins to expandEquipment Needed:
4 routers (IOS must be at minimum 12.3 and support cryptographic services)
1 Serial Interface
1 LAN device
- Configure 2 hub Routers HUB-A & HUB-B at a Central site, 2 remote site Routers Spoke1 & Spoke2 each should have redundant links to each HUB Router
- Each router will have a private RFC 1918 Lan subnet using a CIDR /24 they cannot be overlapping, the HQ lan segment must have redundancy to the L3 gateway.
- Public interfaces should be multipoint Frame-relay connections, IP addressing for each WAN interface should be a public routable ip’s each wan interface can be in the same subnet range.
- No Dynamic routing and no static routes allowed openly on the public internet, all private ip address will be dropped by your ISP.
- You must allow your Corporate Lan Subnets the ability to reach each remote site dynamically
- All routing must be dynamic
- All lan to lan traffic must be encrypted
- HQ lan segment must always be reachable from a remote site perspective
Remember you are using Dynamic Multipoint VPN configuration, good luck.
A complete configuration will be provide, you should also submit your configuration once you believe you have achieved the end result.
What is DMVPN?
A Dynamic Multipoint Virtual Private Network is an enhancement of the virtual private network (VPN) configuration process of Cisco IOS-based routers. DMVPN prevents the need for pre-configured (static) IPSEC peers in Crypto map configurations and isakmp peer statements. This feature of Cisco IOS allows greater scalability over previous ipsec configurations. An ipsec tunnel between two Cisco routers may be created on an as needed basis. Tunnels may be created between a spoke router and a hub router (VPN headend), or between spokes. This greatly alleviates the need for the hub to route data between spoke networks, as was common in a non-fully meshed frame relay topology.
Routers Used: 3745
Feature of Topology: DMVPN, Dynamic Multipoint VPN, EIGRP, HSRP, Frame-Relay, NHRP
Enjoy .. LBS25,637 views
Tags: 3745, CCIE, CCNP, DMVPN, Dynamic Multipoint VPN, EIGRP, Frame-Relay, GNS3 Topology, GRE, GRE VPN Tunnel, Hot Standby Router Protocol, HSRP, Hub and Spoke, IPSec, IPSEC L2L VPN, mGRE, Next-Hop Resolution Protocol, NHRP, Router Subinterfaces, Routing Protocols