First things first is getting DMVPN rocking on this Topology, and from in depth reading into different deployments of DMVPN, it seems the preferred method is to actually have two different DMVPNs running on BR1 and BR2, then configure spokes to be able to reach both (and each other). Its been a lot of head … Continue reading Huge DMVPN / PfR / FVRF Lab – Trying to get things working smoothly but failing, will be going back to basics for now!
One thing to note when going through DMVPN / Legacy or VTY Site-to-Site IPSec VPN profiles, is the IPSec configuration is basically always the same, though it has many variables that can be fine tuned whether its building an IPSec Profile to apply to a Tunnel Interface or building a Crypto Map both require basically … Continue reading Site-to-Site VPN – VTI (Virtual Tunnel Int) VPN discussion, configuration, and differences from Legacy Site-to-Site VPN!
Drawing up IPSec Profiles to secure the DMVPN Network is honestly as easy as pictured above, though in modern networks there would be much stronger passwords, and most likely multiple profiles that would be deployed at different branches in the event one IPSec Profile were to become compromised. While troubleshooting my branch office deployment I … Continue reading DMVPN – Configuring and applying an IPSec Profile to DMVPN Tunnel interfaces, NHRP Auth config, and troubleshooting commands for IPSec!
This will be so basic that I am not sure exactly why I am posting, except for the sake of a refresher to this material, as the name implies instead of doing a "GRE to GRE" tunnel, we are creating Multi-GRE Tunnels with the help of NHRP (Name Hop Resolution Protocol), to allow spoke sites … Continue reading DMVPN – mGRE review of NHRP Servers and Client configurations (nothing labbed), and a glimpse out IPSec configuration at the very end!
The graphic above shows a VPN Tunnels two modes (Transport and Tunnel), along with how their payloads differ when configured with AH (Authentication only) and ESP (Encryption) on the tunnel, and what protocols correlate with all of it. (After watching the content of the CCIE R/S VPN Technology course, this article more than sums up … Continue reading TSHOOT – GRE DEEP DIVE!!! MTU / Fragmentation / TCP-MSS / PMTUD / Recursive Routing / Interface States / must know information for exam day!
Since we are now efficient at all things GRE and IPSec VPN at this point, that makes for a smooth transition into DMVPN , though I want to be crystal clear that the ROUTE Blueprint mentions only "Describe DMVPN (Single Hub)" so I will not be configuring it all over again, I do have a … Continue reading VPN: DMVPN, NHRP, and mGRE – Brief initial configuration review, verification review, and a link to all the gritty details!
So this is very odd to me after going through the last two posts of GRE and IPSec configuration, however once I found good information, configuration was a breeze. **PLEASE READ EXAM DAY NOTE AT END OF POST FOR SCENARIOS WHERE THE ROUTES HAVE TO BE IN THE DYNAMIC ROUTING PROTOCOL FOR OTHER ROUTERS** You … Continue reading VPN: DEEP Dive into GRE over IPSec configuration, explanation, and very easy actually once you are familiar with GRE and IPSec!
This is more a Part 2 of 3 in the series of 1 being building a GRE tunnel which we now have, 2 building an IPSec Tunnel which we will have shortly, and 3 placing the GRE traffic into the IPSec VPN for transmission - As IPSec only sends Unicast but GRE takes any type … Continue reading VPN: DEEP Dive into IPSec, configurations / functions, the VPN fails, but is troubleshot with debugs / verification commands to fix the issue explained!
Working from Sw1, I want 126.96.36.199 /24 traffic to initialize and be encrypted to the 188.8.131.52 /32 network when traffic hits R2, and vice versa from 184.108.40.206 /32 configured on R1. I want my traffic from this switch specifically destined to network 220.127.116.11 /32 to take the path of R2 - R1 - R5 and … Continue reading Complete guide to Basic IPSec VPN Configuration, explanations of concepts, debugs, and some show commands for tshooting issues!