Chapter 40
More About....
Firewall Policy Use Case Scenario
DMVPN Configuration Recommendations
Configure the Hub First
Assigning Spoke Addresses
OL-4015-12
track /rtr or both is not configured
–
route-map is removed
–
Access-list is removed or access-list is modified (for example, tracking
–
ip address is modified)
The Cisco SDM-supported interfaces are configured with unsupported
–
configurations
The primary interfaces are not supported by Cisco SDM
–
For information on firewall policy management, including detailed deployment
scenarios, see the document at the following link:
http://www.cisco.com/application/pdf/en/us/guest/products/ps5318/c1225/ccmig
ration_09186a0080230754.pdf
This help topic contains recommendations on how you should proceed when
configuring routers in a DMVPN.
It is important to configure the hub first because spokes must be configured using
information about the hub. If you are configuring a hub, you can use the Spoke
Configuration feature available in the Summary window to generate a text file that
contains a procedure that you can send to spoke administrators so that they can
configure the spokes with the correct hub information. If you are configuring a
spoke, you must obtain the correct information about the hub before you begin.
All routers in the DMVPN must be in the same subnet. Therefore, the hub
administrator must assign addresses in the subnet to the spoke routers so that
address conflicts do not occur, and so that everyone is using the same subnet
mask.
Cisco Router and Security Device Manager 2.5 User's Guide
Firewall Policy Use Case Scenario
40-29