Cisco 1751 Solution Overview
SOLUTION OVERVIEW
CONFIGURING DYNAMIC MULTIPOINT VPN WITH ON-DEMAND ROUTING
OVERVIEW
This document provides a sample configuration for On-Demand Routing (ODR) with Dynamic Multipoint VPN (DMVPN) in a hub-to-spoke configuration. The DMVPN feature simplifies the hub router IPsec configuration and supports dynamic IP addresses at the spoke router. DMVPN combines Generic Routing Encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). It provides IP routing for remote sites while minimizing the overhead on the network devices. This sample configuration also allows load balancing with dual ODR hub routers, failover to a single hub when a hub router fails, and recovery once the failed hub router is restored.
Figure 1. Network Diagram
PREREQUISITES
The sample configuration is based on the following assumptions:
• The hub routers have public IP addresses (10.0.149.221 and 10.0.149.220)
• The DMVPN networks for the tunnel interfaces on the two hubs are 192.168.1.0/24 and 192.168.2.0/24
• The spoke router can use a static or a dynamic IP address
• The example uses Enhanced Interior Gateway Routing Protocol (EIGRP) as its dynamic routing protocol
• The example uses pre-shared keys for authentication
• Split tunneling is disabled on the spoke router, so Internet traffic goes through the hub only
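As an added example (not part of the Cisco document), the following Python check reads a spoke configuration and verifies the properties the overview and prerequisites rely on: every tunnel interface has an IPsec profile applied, its NHRP next-hop server lies in one of the two DMVPN networks, and both hub public addresses are mapped so that failover is possible. The sample configuration is constructed; the function names and the pairing of each hub address with a tunnel network are assumptions.

```python
import ipaddress
import re

# Hub public addresses and tunnel networks from the PREREQUISITES list on this page.
HUB_PUBLIC = {"10.0.149.221", "10.0.149.220"}
DMVPN_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.2.0/24")]
# Constructed spoke excerpt (hub pairing assumed); Tunnel1 lacks "tunnel protection".
SAMPLE = """\
interface Tunnel0
 ip nhrp map 192.168.1.1 10.0.149.221
 ip nhrp nhs 192.168.1.1
 tunnel protection ipsec profile SDM_Profile1 shared
!
interface Tunnel1
 ip nhrp map 192.168.2.1 10.0.149.220
 ip nhrp nhs 192.168.2.1
"""

def tunnel_blocks(config):
    """Return {interface name: [sub-commands]} for every Tunnel interface."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Tunnel\d+)\s*$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return blocks

def audit_spoke(config):
    """Return a list of findings; an empty list means every check passed."""
    findings, hubs_used = [], set()
    for name, cmds in tunnel_blocks(config).items():
        text = "\n".join(cmds)
        if not re.search(r"^tunnel protection ipsec profile \S+", text, re.M):
            findings.append(f"{name}: no IPsec profile applied with 'tunnel protection'")
        nhs = re.findall(r"^ip nhrp nhs (\d+(?:\.\d+){3})$", text, re.M)
        if not any(ipaddress.ip_address(a) in n for a in nhs for n in DMVPN_NETS):
            findings.append(f"{name}: NHS missing or outside the DMVPN networks")
        for nbma in re.findall(r"^ip nhrp map \d\S* (\S+)$", text, re.M):
            if nbma in HUB_PUBLIC:
                hubs_used.add(nbma)
            else:
                findings.append(f"{name}: NHRP maps to unexpected NBMA address {nbma}")
    if hubs_used != HUB_PUBLIC:
        findings.append("spoke does not reach both hubs, so there is no failover")
    return findings
```

Calling `audit_spoke(SAMPLE)` reports the unprotected Tunnel1; a configuration that passes returns an empty list.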
LIMITATIONS
This guide provides the DMVPN configuration, but does not cover the following:
• Full router security audit: run a Security Device Manager (SDM) security audit in the wizard mode to lock down and secure the router.
• Initial router configuration step: full configuration is shown in the following section.
All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Summary of Contents for Cisco 1751

  • Page 2 Configuration changes made to either the CDP or ODR timers should be reflected through changes made to both. For additional information about configuring ODR timers, refer to: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75f.html#1000989 Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com. © 2005 Cisco Systems, Inc. All rights reserved.
  • Page 3 1360 no ip split-horizon eigrp 1 delay 1000 cdp enable...
  • Page 4 0.0.0.0 0.0.0.0 10.0.149.207 access-list 101 permit ip any 192.168.0.0 0.0.255.255...
  • Page 5: Normal Operation

    Phase1_id: 10.0.150.2 Desc: (none) IKE SA: local 10.0.149.221/500 remote 10.0.150.2/500 Active Capabilities:D connid:11 lifetime:20:56:02...
  • Page 6 Distance: (default is 160) c3725-21#show interface tunnel 0 Tunnel0 is up, line protocol is up...
  • Page 7 CONFIGURATION OF THE CISCO 1751 SPOKE ROUTER Following are the configurations on the Cisco 1751 spoke router: Current configuration : version 12.3 Holdtme Capability Platform Port ID WS-C2950G-Fas 0/37...
  • Page 8 192.168.1.1 ip nhrp server-only ip tcp adjust-mss 1360 delay 1000 cdp enable...
  • Page 9 Codes: C-connected, S-static, R-RIP, M-mobile, B-BGP D-EIGRP, EX-EIGRP external, O-OSPF, IA-OSPF inter area...
  • Page 10 Routing Protocol is “nhrp” Maximum path: 0 Routing Information Sources:...
  • Page 11 Tunnel1 c1751-16# Verifying the network connectivity during a failure: The following results show the status on the Cisco 1751 router when the path to the first hub fails. c1751-16#sh ip route Codes: C-connected, S-static, R-RIP, M-mobile, B-BGP D-EIGRP, EX-EIGRP external, O-OSPF, IA-OSPF inter area...
  • Page 12 100001 tunnel protection ipsec profile SDM_Profile1 shared interface FastEthernet0/0 description $FW_INSIDE$...
  • Page 13 1 encr 3des authentication pre-share group 2...
  • Page 14 192.168.2.1 ip nhrp server-only ip tcp adjust-mss 1360 delay 1000...
  • Page 15: Related Information

    Configuring IPsec Network Security; Configuring Internet Key Exchange Security Protocol; Technical Support-Cisco Systems...

This manual is also suitable for:

3725, 3745, 831