Agenda
Part 1 - Creating Tunnels
Part 2a - Applying IPsec
Part 2b - Applying IPsec
Part 3 - Applying Routing Protocols
Part 1 - Creating Tunnels
DMVPN means Dynamic Multipoint Virtual Private Network
Part 1 - Creating Tunnels
Part 2a - Applying IPsec
Part 2b - Applying IPsec
Part 3 - Applying Routing Protocols
Part 1 - Creating Tunnels
DMVPN means Dynamic Multipoint Virtual Private Network
DMVPN is a technical solution that
provide connectivity between spoke-to-hub and spoke-to-spoke sites through an
underlay network. Using minimal configuration lines to be implemented DMVPN
permit a better management and simplification of the configuration file of the
routers.
DMVPN is usually used to protect the
corporative data that is transmitted through a unsafe network, like public
Internet.
DMVPN protect the corporative data using
IPsec technology.
From each spoke site, try to ping the underlay ip of the hub site if failed you will need fix it first before continue with DMVPN implementation.
DMVPN will be your OVERLAY network, be in mind that DMVPN is nothing more than a lot of tunnels between one site to another, so what we will do is create this new tunnels over an existent structure/network (the underlay network).
With this point fixed we can conclude that if your underlay fail, your overlay (DMVPN) will fail too!!! :)
NHRP (Next Hop Resolution Protocol)
DMVPN will be your OVERLAY network, be in mind that DMVPN is nothing more than a lot of tunnels between one site to another, so what we will do is create this new tunnels over an existent structure/network (the underlay network).
With this point fixed we can conclude that if your underlay fail, your overlay (DMVPN) will fail too!!! :)
NHRP (Next Hop Resolution Protocol)
NHRP is a resolution protocol that allows
one NHC client (spoke) to dynamically discover the logical VPN IP to physical
NBMA IP mapping for another NHC client (spoke) within the same NBMA network.
NHRP is used to facilitate building a
VPN. In this context, a VPN consists of a virtual Layer 3 network that is built
on top of an actual Layer 3 network. The topology you use over the VPN is
largely independent of the underlying network, and the protocols you run over
it are completely independent of it. The VPN network (DMVPN) is based on GRE IP
logical tunnels that can be protected by adding in IPsec to encrypt the GRE IP
tunnels.
Connected to the NBMA network are one or
more stations that implement NHRP, and are known as NHSs and NHCs.
Now our tunnels are complete!
Try to ping the OVERLAY IPs between the HUB and SPOKE routers and between SPOKE to SPOKE routers.
Our DMVPN solution it is not finished yet !!!! We need implement IPsec. (See Part 2)
Now our tunnels are complete!
Try to ping the OVERLAY IPs between the HUB and SPOKE routers and between SPOKE to SPOKE routers.
Our DMVPN solution it is not finished yet !!!! We need implement IPsec. (See Part 2)
TOP!
ResponderExcluir