Using OSPF over DMVPN

KB ID 0001151 Dtd 03/02/16

Problem

This article is a supplement to the earlier one on Setting Up DMVPN. It covers how to use OSPF over the top of DMVPN.

This is the topology I’m going to use;

OSPF over DMVPN

As I’ve said (above) this is not a run though on setting up DMVPN, but if you want to spin it up in GNS3, or on the test bench, here’s the DMVPN config;

Hub Site

configure terminal
interface Tunnel10
ip address 192.168.254.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.10.10.10
tunnel mode gre multipoint
exit
!
crypto isakmp policy 10
authentication pre-share
encryption aes
group 2
crypto isakmp key DMVPNdf3fdc829fj2iw2ndh2ds82 address 0.0.0.0
crypto ipsec transform-set TFS-PNL esp-aes esp-sha-hmac
crypto ipsec profile PF-PNL
set transform-set TFS-PNL
interface Tunnel10
tunnel protection ipsec profile PF-PNL
exit

Spoke1

configure terminal
interface Tunnel10
ip address 192.168.254.2 255.255.255.0
ip nhrp map 192.168.254.1 10.10.10.10
ip nhrp map multicast 10.10.10.10
ip nhrp network-id 1
ip nhrp nhs 192.168.254.1
tunnel source 11.11.11.11
tunnel mode gre multipoint
exit
!
configure terminal
crypto isakmp policy 10
authentication pre-share
encryption aes
group 2
crypto isakmp key DMVPNdf3fdc829fj2iw2ndh2ds82 address 0.0.0.0
crypto ipsec transform-set TFS-PNL esp-aes esp-sha-hmac
crypto ipsec profile PF-PNL
 set transform-set TFS-PNL
interface Tunnel10
tunnel protection ipsec profile PF-PNL
exit

Spoke2

configure terminal
interface Tunnel10
ip address 192.168.254.3 255.255.255.0
ip nhrp map 192.168.254.1 10.10.10.10
ip nhrp map multicast 10.10.10.10
ip nhrp network-id 1
ip nhrp nhs 192.168.254.1
tunnel source 21.21.21.21
tunnel mode gre multipoint
exit
!
configure terminal
crypto isakmp policy 10
authentication pre-share
encryption aes
group 2
crypto isakmp key DMVPNdf3fdc829fj2iw2ndh2ds82 address 0.0.0.0
crypto ipsec transform-set TFS-PNL esp-aes esp-sha-hmac
crypto ipsec profile PF-PNL
 set transform-set TFS-PNL
interface Tunnel10
tunnel protection ipsec profile PF-PNL
exit

Solution

To add OSPF over the top, here’s the additional config;

Hub Site

interface tunnel 10
ip mtu 1400
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 255
!
router ospf 1
router-id 192.168.254.1
network 192.168.254.0 0.0.0.255 area 52
network 192.168.0.0 0.0.0.255 area 52

Spoke 1

interface tunnel 10
ip mtu 1400
ip ospf network non-broadcast
ip ospf priority 0
!
router ospf 1
router-id 192.168.254.2
network 192.168.254.0 0.0.0.255 area 52
network 192.168.1.0 0.0.0.255 area 52

Spoke 2

interface tunnel 10
ip mtu 1400
ip ospf network non-broadcast
ip ospf priority 0
!
router ospf 1
router-id 192.168.254.3
network 192.168.254.0 0.0.0.255 area 52
network 192.168.2.0 0.0.0.255 area 52

Related Articles, References, Credits, or External Links

Cisco – Configuring Dynamic Multipoint Virtual Private Networks DMVPN

Implementing GDOI into DMVPN

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *