DMVPN - Phase 1 with EIGRP
Here is a quick and clean DMVPN Phase 1 Configuration:
Hub Router
IPsec:
HUB01(config)# crypto isakmp policy 10
HUB01(config-isakmp)# encr 3des
HUB01(config-isakmp)# hash md5
HUB01(config-isakmp)# authentication pre-share
HUB01(config)# crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
HUB01(config)#crypto ipsec transform-set TR_SET esp-3des
HUB01(cfg-crypto-trans)# mode transport
HUB01(config)# crypto ipsec profile DMVPN
HUB01(config-profile)# set transform-set TR_SET
Tunnel:
HUB01(config)# interface tunnel 0
HUB01(config-if)# ip address 192.168.200.1 255.255.255.0
HUB01(config-if)# ip mtu 1400
HUB01(config-if)# ip tcp adjust-mss 1360
HUB01(config-if)# ip nhrp authentication DMVPN
HUB01(config-if)# ip nhrp map multicast dynamic
HUB01(config-if)# ip nhrp network-id 1
HUB01(config-if)# ip nhrp holdtime 60
HUB01(config-if)# ip nhrp registration no-unique
HUB01(config-if)# tunnel source FastEthernet0/1 (WAN interface)
HUB01(config-if)# tunnel mode gre multipoint
HUB01(config-if)# tunnel key 1234
HUB01(config-if)# tunnel protection ipsec profile DMVPN
HUB01(config-if)# no ip eigrp 1 split-horizon eigrp 1
HUB01(config-if)# bandwidth 1000
EIGRP:
HUB01(config)# router eigrp 1
HUB01(config-router)# no auto-summary
HUB01(config-router)# network 192.168.200.0
HUB01(config-router)# network 10.0.0.0 0.0.0.255 (internal network)
IP Route:
Remember to add a default route to the outside network, or a specific route for the outside interface of the DMVPN spoke interface
Spoke Router
IPsec:
SPOKE01(config)# crypto isakmp policy 10
SPOKE01(config-isakmp)# encr 3des
SPOKE01(config-isakmp)# hash md5
SPOKE01(config-isakmp)# authentication pre-share
SPOKE01(config)# crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
SPOKE01(config)#crypto ipsec transform-set TR_SET esp-3des
SPOKE01(cfg-crypto-trans)# mode transport
SPOKE01(config)# crypto ipsec profile DMVPN
SPOKE01(config-profile)# set transform-set TR_SET
Tunnel:
SPOKE01(config)# interface tunnel 0
SPOKE01(config-if)# ip address 192.168.200.2 255.255.255.0
SPOKE01(config-if)# ip mtu 1400
SPOKE01(config-if)# ip tcp adjust-mss 1360
SPOKE01(config-if)# ip nhrp authentication DMVPN
SPOKE01(config-if)# ip nhrp map 192.168.200.1 1.1.1.1 (Ext IP of Hub router)
SPOKE01(config-if)# ip nhrp network-id 1
SPOKE01(config-if)# ip nhrp holdtime 60
SPOKE01(config-if)# ip nhs 192.168.200.1
SPOKE01(config-if)# tunnel source FastEthernet0/1 (WAN interface)
SPOKE01(config-if)# tunnel destination 1.1.1.1 (Ext IP of Hub router)
SPOKE01(config-if)# tunnel key 1234
SPOKE01(config-if)# tunnel protection ipsec profile DMVPN
SPOKE01(config-if)# bandwidth 1000
EIGRP:
SPOKE01(config)# router eigrp 1
SPOKE01(config-router)# no auto-summary
SPOKE01(config-router)# network 192.168.200.0
SPOKE01(config-router)# network 172.16.0.0 0.0.0.255 (internal network)
SPOKE01(config-router)# eigrp stub
IP Route:
Remember to add a default route to the outside network, or a specific route for the outside interface of the DMVPN Hub interface
