Dmvpn Configuration Recommendations - Cisco OL-4015-08 User Manual

DMVPN Configuration Recommendations

Allowing www Traffic to DMZ Interface
DMVPN Configuration Recommendations
Configure the Hub First
Cisco Router and Security Device Manager Version 2.2 User's Guide
30-32
The Services area shows that certain types of ICMP traffic have been permitted.
The method shown in this section can also be used when there is no DMZ
network, but you want to allow a certain type of traffic onto your trusted network.
In order to allow www traffic to the hosts 10.10.10.1 and 10.10.10.2 in the DMZ
network, the user creates 2 entries using the Add button. In the Add an Extended
Rule Entry dialog, the destination host IP addresses are specified, the TCP
protocol is chosen, the source port any is chosen, and the destination port www
is chosen. The two new permit entries are the second and third entries from the
last entry.
This help topic contains recommendations on how you should proceed when
configuring routers in a DMVPN.
It is important to configure the hub first because spokes must be configured using
information about the hub. If you are configuring a hub, you can use the Spoke
Configuration feature available in the Summary window to generate a text file that
contains a procedure that you can send to spoke administrators so that they can
configure the spokes with the correct hub information. If you are configuring a
spoke, you must obtain the correct information about the hub before you begin.
Chapter 30 More About....
OL-4015-08