Hello all,
So in preparation for learning the VPNs for v5 I have started with L2TPv3 and DMVPN. I am pretty good with configuring both of these from scratch; however, what I keep thinking is how much detail Cisco is going to test. I know no one knows this now, but what little things are there that they can throw into this design that could shake things up?
I've mainly been studying a single-hub design, as that's what will be tested. Just looking for the little tweaks that could possibly be introduced.
Below are my configs for anyone looking and just starting to study DMVPN. This should help you in getting started with labbing.
HUB CONFIGURATION
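! Phase 1 (ISAKMP) policy: AES, pre-shared key, DH group 2
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
! Wildcard pre-shared key: accepted from any peer address
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
! Phase 2 (IPsec) transform set and the profile applied to the tunnel
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
crypto ipsec profile MY_PROFILE
 set transform-set MYSET
!
interface Tunnel0
 bandwidth 1000
 ! Re-advertise spoke routes out the same tunnel and keep the originating spoke as next hop
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 ip address <PRIVATE TUNNEL ADDRESS>
 ! Leave room for the GRE and IPsec headers
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication cisco
 ! Learn multicast destinations from spokes as they register
 ip nhrp map multicast dynamic
 ip nhrp network-id 5
 tunnel source <PUBLIC INTERFACE>
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROFILE
!
router eigrp 1
 no auto-summary
 network 10.0.0.0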
-----------------------------------------------------
SPOKE CONFIGURATION
! Crypto settings are the same as on the hub
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
crypto ipsec profile MY_PROFILE
 set transform-set MYSET
!
interface Tunnel0
 bandwidth 1000
 ip address <PRIVATE TUNNEL ADDRESS>
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication cisco
 ! Send multicast (EIGRP hellos) to the hub's public address
 ip nhrp map multicast <PUBLIC IP ADDRESS OF HUB>
 ! Register with the hub as next-hop server; the static map tells the spoke how to reach it
 ip nhrp nhs <PRIVATE TUNNEL ADDRESS OF HUB>
 ip nhrp map <PRIVATE TUNNEL ADDRESS OF HUB> <PUBLIC IP ADDRESS OF HUB>
 ip nhrp network-id 5
 tunnel source <PUBLIC INTERFACE>
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROFILE
!
router eigrp 1
 no auto-summary
 network 10.0.0.0
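
Added example (not part of the original post): a small Python check that compares the hub and spoke configs for the settings that have to agree on both ends, and flags the lab shortcuts (wildcard pre-shared key, DH group 2) before a config is reused outside a lab. The function names, the sample text and the single-ISAKMP-policy assumption are illustrative, not from the post.

```python
import re
# Constructed sample: a trimmed copy of the hub config above; the spoke copy has
# its tunnel key changed to 7 so the comparison has something to catch.
HUB = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
interface Tunnel0
 ip nhrp authentication cisco
 tunnel key 6
"""
SPOKE = HUB.replace("tunnel key 6", "tunnel key 7")

# Settings that must agree on hub and spoke (assumes one ISAKMP policy per router).
# The transform-set name is local, so only the transforms themselves are compared.
MUST_MATCH = {
    "isakmp encryption": r"^\s*encr(?:yption)?\s+(.+)$",
    "isakmp authentication": r"^\s*authentication\s+(\S+)$",
    "dh group": r"^\s*group\s+(\d+)$",
    "pre-shared key": r"^crypto isakmp key\s+(\S+)\s+address",
    "transform-set": r"^crypto ipsec transform-set\s+\S+\s+(.+)$",
    "nhrp authentication": r"^\s*ip nhrp authentication\s+(\S+)$",
    "tunnel key": r"^\s*tunnel key\s+(\d+)$",
}

def extract(cfg):
    """Return {setting: value} for every MUST_MATCH pattern present in cfg."""
    hits = ((k, re.search(p, cfg, re.M)) for k, p in MUST_MATCH.items())
    return {k: m.group(1).strip() for k, m in hits if m}

def compare(hub_cfg, spoke_cfg):
    """List (setting, hub value, spoke value) wherever the two sides differ."""
    hub, spoke = extract(hub_cfg), extract(spoke_cfg)
    return [(k, hub.get(k), spoke.get(k)) for k in MUST_MATCH if hub.get(k) != spoke.get(k)]

def weak_settings(cfg):
    """Flag lab shortcuts that should not be carried into production."""
    notes = []
    if re.search(r"^crypto isakmp key \S+ address 0\.0\.0\.0(?: 0\.0\.0\.0)?\s*$", cfg, re.M):
        notes.append("wildcard pre-shared key: any peer holding the key is accepted")
    m = re.search(MUST_MATCH["dh group"], cfg, re.M)
    if m and m.group(1) in {"1", "2", "5"}:
        notes.append(f"DH group {m.group(1)} is a legacy MODP group")
    return notes

if __name__ == "__main__":
    print(compare(HUB, SPOKE), weak_settings(HUB))
```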