First things first is getting DMVPN rocking on this Topology, and from in depth reading into different deployments of DMVPN, it seems the preferred method is to actually have two different DMVPNs running on BR1 and BR2, then configure spokes to be able to reach both (and each other). Its been a lot of head … Continue reading Huge DMVPN / PfR / FVRF Lab – Trying to get things working smoothly but failing, will be going back to basics for now!
One thing to note when going through DMVPN / Legacy or VTY Site-to-Site IPSec VPN profiles, is the IPSec configuration is basically always the same, though it has many variables that can be fine tuned whether its building an IPSec Profile to apply to a Tunnel Interface or building a Crypto Map both require basically … Continue reading Site-to-Site VPN – VTI (Virtual Tunnel Int) VPN discussion, configuration, and differences from Legacy Site-to-Site VPN!
This is referred to as "Legacy IPSec Site to Site VPN" which is kind of surprising to me that its already labeled legacy (outdated), however I'll get through a very light weight configuration specifically to encrypt communication between 184.108.40.206/32 and 220.127.116.11/32. All other traffic will be passed normally, those two specific src / dst IP's … Continue reading Site-to-Site VPN – Legacy IPSec Site-to-Site VPN Tunnel configuration demo, some verification, very straight forward!
I have not delved too deeply into QoS in general in my network studies (shame on me), however I will try to make this as intelligible as possible for my first time really looking at the basic concept of getting QoS to work on packets being encapsulated and encrypted! Quick review of IPSec built-in QoS … Continue reading DMVPN – QoS over DMVPN Tunnels using built in ToS Byte Preserve, then a lab on class-map configuration and “QoS Pre-Classify” configuration for DMVPN!
Drawing up IPSec Profiles to secure the DMVPN Network is honestly as easy as pictured above, though in modern networks there would be much stronger passwords, and most likely multiple profiles that would be deployed at different branches in the event one IPSec Profile were to become compromised. While troubleshooting my branch office deployment I … Continue reading DMVPN – Configuring and applying an IPSec Profile to DMVPN Tunnel interfaces, NHRP Auth config, and troubleshooting commands for IPSec!