This won't be a real long lab, as its more just removing OSPF as the WAN, configuring the ISP Router with point to point static routes to each site, then adding a single default route out to the Internet like you would any site in the Front Door VRF and associating both the Physical and … Continue reading DMVPN w/ Front Door VRF – Finally got it with static routing instead of trying to use OSPF over the WAN to form Adjacencies!
I have to honestly say, I am so relieved (for now) to have this smaller Topology to demonstrate how and why Front Door VRF's work, why they work and why we care about them at all when no Cisco training material mentions them. Warning - This is another post that doesn't really teach you how … Continue reading DMVPN / Front Door VRF – A long lab of trying to get this to work, but it is fighting me all the way, to be continued…
First things first is getting DMVPN rocking on this Topology, and from in depth reading into different deployments of DMVPN, it seems the preferred method is to actually have two different DMVPNs running on BR1 and BR2, then configure spokes to be able to reach both (and each other). Its been a lot of head … Continue reading Huge DMVPN / PfR / FVRF Lab – Trying to get things working smoothly but failing, will be going back to basics for now!
I have not delved too deeply into QoS in general in my network studies (shame on me), however I will try to make this as intelligible as possible for my first time really looking at the basic concept of getting QoS to work on packets being encapsulated and encrypted! Quick review of IPSec built-in QoS … Continue reading DMVPN – QoS over DMVPN Tunnels using built in ToS Byte Preserve, then a lab on class-map configuration and “QoS Pre-Classify” configuration for DMVPN!
There will actually be no labbing of this one, as the same configurations will still apply to building tunnel interfaces, with just a few tweaks for the Routing Protocols swapped. What type of OSPF Area is used, why it is used, and additional OSPF configs Being that these Branches are going to have a single … Continue reading DMVPN – Quick review (non-labbed) of configs needed for OSPF as the Branches IGP with BGP running over the WAN!
Drawing up IPSec Profiles to secure the DMVPN Network is honestly as easy as pictured above, though in modern networks there would be much stronger passwords, and most likely multiple profiles that would be deployed at different branches in the event one IPSec Profile were to become compromised. While troubleshooting my branch office deployment I … Continue reading DMVPN – Configuring and applying an IPSec Profile to DMVPN Tunnel interfaces, NHRP Auth config, and troubleshooting commands for IPSec!
The above Topology has already been configured with its respective IP Addressing / Routing Protocols, all Adjacencies are Up/Up, and we are ready to jump straight into NHRP (Next Hop Resolution Protocol) configuration on the Hub / NHS (Next Hop Server) which will be PHX1 Router in this Topology and then onto the DMVPN Spokes! … Continue reading DMVPN – Huge DMVPN Lab, multi-branch deployment considerations, Phase 1 to Phase 2 DMVPN clearly demonstrated, lots of configuration and verification!
This will be so basic that I am not sure exactly why I am posting, except for the sake of a refresher to this material, as the name implies instead of doing a "GRE to GRE" tunnel, we are creating Multi-GRE Tunnels with the help of NHRP (Name Hop Resolution Protocol), to allow spoke sites … Continue reading DMVPN – mGRE review of NHRP Servers and Client configurations (nothing labbed), and a glimpse out IPSec configuration at the very end!
I initially stuck my TSHOOT GRE Deep Dive into the CCIE DMVPN bucket, but there is no such thing as too much practice or repetition, so get ready for some more here 🙂 Back to the basics of GRE and why this ancient protocol has any relevance It routes almost ANY kind of traffic which … Continue reading DMVPN – Review of GRE Tunnel setup, do’s and dont’s for configuration, case uses for a GRE Tunnel, and more!
Since we are now efficient at all things GRE and IPSec VPN at this point, that makes for a smooth transition into DMVPN , though I want to be crystal clear that the ROUTE Blueprint mentions only "Describe DMVPN (Single Hub)" so I will not be configuring it all over again, I do have a … Continue reading VPN: DMVPN, NHRP, and mGRE – Brief initial configuration review, verification review, and a link to all the gritty details!
This was a misleading Topology in the way that, this describes a Phase 1 DMVPN. There are 3 phases of DMVPN, which are like different series, which has progressively gotten better over time and included more features. This is a list of the 3, and what features they included / lacked: Phase 1 - Hub … Continue reading More Intro to DMVPN! Phases descriptions, what NHRP is, a Phase 2 configuration and troubleshooting
So I have not been posting over the weekend, however I haven't been slacking either. What I am going to post today is going to be a mixture of information from Chris Bryant's 8 minute DMVPN video, and the few parts I watched from the 8 hours of INE CCNP DMVPN training. INE really goes … Continue reading DMVPN – Theory, explanations, and illustrations! (Lab coming up next post)