GNS3-Labs Topology: DMVPN with VRF and EIGRP Over IPSEC Tunnels
Written by LBSources from http://www.gns3-labs.com on September 14th, 2008 | 5 CommentsIt’s great to see how many people love the site and what I am trying to do with it. We have another great lab from Dion with some cool learning and configurations. This is a lab for all levels.
You too can share your labs and co-admin this site by shooting me an email at postmy [AT] gns3-labs [DOT] com
Ok onto the lab..
Dion says…
There are 3 routers that are simulating a DMVPN network with GRE IPSEC Tunnels.
Behind each of these Routers are two more networks (in this case I have called one data and one voice).
These have been put in separate VRF’s, to simulate separating Voice & Data on one network, with separate DMVPN IPSEC tunnels.
Routing has been done with EIGRP, and setup on the routers so only voice networks can talk to other voice networks and so on.
Routers Used: 7200
IOS: c7200-jk9o3s-mz.124-17a
Feature of Topology: DMVPN, GRE, IPSec Tunnels, EIGRP, VRF (Virtual Routing and Forwarding)
Reading: Virtual Routing and Forwarding, DMVPN, Next Hop Resolution Protocol (NHRP)
Image: 
Download: GNS3-Labs - DMVPN with VRF and EIGRP Over IPSEC Tunnels
BTW I put this into the lab using the GNS3 0.6 Beta which is Awesome and will soon be released!
Enjoy .. LBS
Thanks Dion!
13,302 viewsTags: DMVPN, Dynamic Multipoint VPN, EIGRP, GNS3 Topology, GRE, GRE VPN Tunnel, IPSec, Virtual Routing and Forwarding, VRF
You can leave a response, or trackback from your own site.
Subscribe to GNS3 Labs :: Cisco Router Simulator Network Topologies
October 8th, 2008 at 4:58 pm
if you look for this link, sure you’ll find the 0.6:
Please see GNS3-Labs.com UNOFFICIAL GNS3-0.6 BETA Release
November 20th, 2009 at 4:15 pm
Hey im was thinking of using this in production but I dont understand why I would need to use the VRF for the voice network?
January 4th, 2010 at 3:21 pm
Jus tried this lab at home , everything is fine except i am unable to ping voice networks…i also tried extended ping but it is not working….Any help ??
January 19th, 2010 at 10:06 am
Hi David,
It’s interesting to separate the data network from the voice network (on the entire network/backbone) for safety aspects. This avoids the wiretagging, the attacks on the callmanagers, gateway voices, …
To do this, you need VRF feature. A FW allows only the desired traffic (management traffic for the Voice configuration, voice flows, …).
Regards,
Lionel
January 19th, 2010 at 10:15 am
Hi Nafy,
You can’t ping voice network from data network because you don’t have a route allowing inter-vrf access.
You can test this on R1 for example: ip route vrf voice 0.0.0.0 0.0.0.0 fa1/0 192.168.0.1 global
This route allows the voice traffic to join any network via the interface in the GRF. The “global” tag means “inter-vrf routing”.
I didn’t test this lab… I can do it if you want..
Regards,
Lionel