We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

470 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , ,

Forum Replies

  1. Hi Zaw,

    The most security solution is to use a pre-shared key for each hub/spoke combination. If you have 100 spokes, you’ll need to configure 100 pre-shared keys. For a few spoke routers this is no problem but if you have a lot then this will become an administrative nightmare. GETVPN is more suitable for larger setups, that’s something I’ll cover in another lesson :slight_smile:


  2. Mark,
    They are definitely compatible. Unfortunately, I am not able to see an attachment for your configs. Could you paste in your configs–ideally, your working phase 3, then the addition/changes you make with the IPSEC?

  3. Hello laz,
    I have a few questions.

    1. Would you please let me know the order of operations when a packet is being sent over a DMVPN protected with IPSEC tunnel?
      My understanding is route lookup which is the tunnel interface-----GRE encapsulation-----IPSEC encapsulation—exit out of the interface. Please let me know if it is correct?
    2. If the IPSEC tunnel goes down still I should be able to send out traffic through the GRE tunnel. The only problem is the traffic will not be encrypted. Is it correct?
    3. For the sake of this conversation, let’s just say I have only one SP
    ... Continue reading in our forum

  4. Hello Azm

    For this question, Cisco has an excellent example and explanation as to the order of operations for the scenario you describe. This information can be found here.

    ... Continue reading in our forum

  5. Hello Laz,
    The config is below


    HUB#sho run inter tunnel 0
    interface Tunnel0
     ip address
     no ip redirects
     ip nhrp map multicast dynamic
     ip nhrp network-id 1
     ip nhrp redirect
     tunnel source
     tunnel mode gre multipoint
    HUB#sho run inter ethernet 0/1
    interface Ethernet0/1
     description WAN INTERFACE
     ip address
    ip route Tunnel0
    HUB#ping source tunnel 0
    Type escape sequ
    ... Continue reading in our forum

33 more replies! Ask a question or join the discussion by visiting our Community Forum