Routing Parameters Tab
|
Routing Protocol
|
Select the required dynamic routing protocol, or static route, to be used in the DMVPN tunnel.
Options include the EIGRP, OSPF, and RIPv2 dynamic routing protocols, and GRE static routes. On-Demand Routing (ODR) is also
supported. On-Demand Routing is not a routing protocol. It can be used in a hub-and-spoke VPN topology when the spoke routers
connect to no router other than the hub. If you are running dynamic protocols, On-Demand Routing is not suitable for
your network environment.
For more information, see Understanding GRE.
|
AS Number
(EIGRP only.)
|
The number that is used to identify the autonomous system (AS) area to which the EIGRP packet belongs. The range is 1-65535.
The default is 110.
An autonomous system (AS) is a collection of networks that share a common routing strategy. An AS can be divided into a number
of areas, which are groups of contiguous networks and attached hosts. Routers with multiple interfaces can participate in
multiple areas. An AS ID identifies the area to which the packet belongs. All EIGRP packets are associated with a single area,
so all devices must have the same AS number.
|
Hello Interval
(EIGRP only.)
|
The interval between hello packets sent on the interface, from 1 to 65535 seconds. The default is 5 seconds.
|
Hold Time
(EIGRP only.)
|
The number of seconds the router will wait to receive a hello message before invalidating the connection. The range is 1-65535.
The default hold time is 15 seconds (three times the hello interval).
|
Delay
(EIGRP only.)
|
The throughput delay for the primary route interface, in microseconds. The range of the tunnel delay time is 1-16777215. The
default is 1000.
|
Bandwidth
(EIGRP only.)
|
The bandwidth for the primary route interface, in kilobits. The range of bandwidth is 1 to 10000000. The default is 1000.
|
Bandwidth
(EIGRP only.)
|
The amount of bandwidth available to the primary route interface for the EIGRP packets. You should enter a value that gives
priority to the primary route over other routes.
You can enter a value in the range 1 to 10000000 kb. The default is 1000 kb.
Note: By default, the cost of sending a packet on an interface is calculated based on the bandwidth—the higher the bandwidth, the
lower the cost.
|
Process Number
(OSPF only.)
|
The routing process ID number that will be used to identify the secured IGP that Security Manager adds when configuring DMVPN.
The valid range for either protocol is 1-65535. The default is 110.
|
Hub Network Area ID
(OSPF only.)
|
The ID number of the area in which the hub’s protected networks will be advertised, including the tunnel subnet. You can enter
any number. The default is 0.
|
Spoke Protected Network Area ID
(OSPF only.)
|
The ID number of the area in which the remote protected networks will be advertised, including the tunnel subnet. You can
enter any number. The default is 1.
|
Authentication Key
(OSPF and RIPv2.)
|
A string that indicates the OSPF or RIPv2 authentication key. The string can be up to eight characters long.
|
Cost
(OSPF and RIPv2.)
|
The cost of sending a packet on the primary route interface.
If the selected protocol is OSPF, enter a value in the range 1-65535; the default is 100.
If the selected protocol is RIPv2, enter a value in the range 1-15; the default is 1.
|
Allow Direct Spoke to Spoke Connectivity
|
Whether to enable direct communication between spokes without going through the hub. Select the DMVPN phase you want to use,
which determines the types of connections that spokes can make:
- Phase 2—Spoke to spoke connections go through regional hubs and routing protocol updates from hubs to spokes are not summarized.
- Phase 3 (Default)—Spokes can create direct connections with each other and routing updates from hubs to spokes are summarized. This
option allows the greatest scalability and reduces latency. Devices must run IOS Software release 12.4(6)T or later; ASRs
must run IOS XE Software release 2.4 (called 12.2(33)XND) or later. Security Manager automatically creates a phase 2 configuration
for devices running a lower OS version.
For detailed information on how phase 2 and 3 differ, see “Migrating from Dynamic Multipoint VPN Phase 2 to Phase 3” on Cisco.com.
|
Filter Dynamic Updates On Spokes
|
Unavailable if you are using On-Demand Routing or a static route for your DMVPN tunnel.
When selected, enables the creation of a redistribution list that filters all dynamic routing updates (EIGRP, OSPF, and RIPv2)
on spokes. This forces the spoke devices to advertise (populate on the hub device) only their own protected subnets and not
other IP addresses.
|
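As an added example (not Security Manager output or Cisco code), the following audit checks the property that Filter Dynamic Updates On Spokes is meant to enforce: every prefix the hub learns from a spoke falls inside that spoke's own protected subnets. The spoke names, subnets and learned routes are constructed sample data, and the function name is hypothetical.

```python
import ipaddress

# Constructed sample data: protected subnets per spoke (the intended policy).
PROTECTED = {
    "spoke1": ["10.10.1.0/24"],
    "spoke2": ["10.10.2.0/24", "10.10.3.0/24"],
}

# Constructed sample data: (advertising spoke, prefix) pairs seen on the hub.
HUB_LEARNED = [
    ("spoke1", "10.10.1.0/24"),
    ("spoke1", "10.10.1.128/25"),   # more specific, still inside spoke1's subnet
    ("spoke2", "10.10.2.0/24"),
    ("spoke2", "0.0.0.0/0"),        # default route from a spoke
    ("spoke2", "10.10.1.0/24"),     # another spoke's subnet
    ("spoke3", "10.10.9.0/24"),     # spoke with no protected subnets on record
]


def unexpected_advertisements(protected, learned):
    """Return (spoke, prefix) pairs not covered by the spoke's own subnets."""
    allowed = {
        spoke: [ipaddress.ip_network(n) for n in nets]
        for spoke, nets in protected.items()
    }
    findings = []
    for spoke, prefix in learned:
        net = ipaddress.ip_network(prefix)
        own = allowed.get(spoke, [])
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        covered = any(net.version == a.version and net.subnet_of(a) for a in own)
        if not covered:
            findings.append((spoke, prefix))
    return findings


if __name__ == "__main__":
    for spoke, prefix in unexpected_advertisements(PROTECTED, HUB_LEARNED):
        print(f"{spoke} advertises {prefix}, outside its protected subnets")
```
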
Tunnel Parameters Tab
|
Tunnel IP Range
|
The IP address range of the inside tunnel interface IP address, including the unique subnet mask. This field defines a subnet,
such as 10.1.1.0/24.
Note: If Security Manager detects that a tunnel interface IP address already exists on the device, and its IP address matches the
tunnel’s IP subnet field, it will use that interface as the GRE tunnel.
|
Dial Backup Tunnel IP Range
|
If you are configuring a dial backup interface, enter its inside tunnel interface IP address range, including the unique subnet
mask. This field defines a subnet.
|
Server Load Balance
|
When selected, enables the configuration of load balancing on a Cisco IOS router that serves as a hub in a multiple hubs configuration.
Server load balancing optimizes performance in a multiple hubs configuration, by sharing the workload. In this configuration,
the DMVPN server hubs share the same tunnel IP and source IP addresses, presenting the appearance of a single device to the
spokes in a VPN topology.
|
Enable IP Multicast
|
When selected, enables multicast transmissions across your GRE tunnels.
IP multicast delivers application source traffic to multiple receivers without burdening the source or the receivers, while
using a minimum of network bandwidth.
|
Rendezvous Point
|
Only available if you selected the Enable IP Multicast check box.
If required, you can enter the IP address of the interface that will serve as the rendezvous point (RP) for multicast transmission.
Sources send their traffic to the RP. This traffic is then forwarded to receivers down a shared distribution tree.
|
Tunnel Key
|
A number that identifies the tunnel key. The default is 1.
The tunnel key differentiates between different multipoint GRE (mGRE) tunnel Non Broadcast Multiple Access (NBMA) networks.
All mGRE interfaces in the same NBMA network must use the same tunnel key value. If there are two mGRE interfaces on the same
router, they must have different tunnel key values.
Note: To view the newly created tunnel interfaces in the Router Interfaces page for routers that are members of the VPN, you must
rediscover the device inventory details after successfully deploying the VPN to the device.
|
NHRP Parameters
|
Network ID
|
All Next Hop Resolution Protocol (NHRP) stations within one logical Non-Broadcast Multi-Access (NBMA) network must be configured
with the same network identifier. Enter a globally unique, 32-bit network identifier within the range of 1 to 4294967295.
|
Hold time
|
The time, in seconds, that routers will keep information provided in authoritative NHRP responses. The cached IP-to-NBMA address
mapping entries are discarded after the hold time expires.
The default is 300 seconds.
|
Authentication
|
An authentication string that controls whether the source and destination NHRP stations allow intercommunication. All routers
within the same network using NHRP must share the same authentication string. The string can be up to eight characters long.
|
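As an added example (not Security Manager or IOS code), this consistency audit applies the Tunnel Key and NHRP rules as stated on this page to an inventory of mGRE tunnel interfaces. The inventory is constructed sample data, and the field names and finding labels are hypothetical.

```python
from collections import defaultdict

# Constructed inventory: one dict per mGRE tunnel interface. Field names are
# hypothetical; they are not Security Manager or IOS identifiers.
SAMPLE_INTERFACES = [
    {"router": "hub1", "ifname": "Tunnel0", "nbma": "wan-a",
     "tunnel_key": 1, "network_id": 100, "nhrp_auth": "k3yA"},
    {"router": "spoke1", "ifname": "Tunnel0", "nbma": "wan-a",
     "tunnel_key": 1, "network_id": 100, "nhrp_auth": "k3yA"},
    {"router": "spoke2", "ifname": "Tunnel0", "nbma": "wan-a",
     "tunnel_key": 2, "network_id": 100, "nhrp_auth": "k3yA-too-long"},
    {"router": "hub1", "ifname": "Tunnel1", "nbma": "wan-b",
     "tunnel_key": 1, "network_id": 0, "nhrp_auth": "k3yB"},
]


def audit(interfaces):
    """Return (location, finding) pairs for violations of the page's rules."""
    findings = []
    by_nbma, by_router = defaultdict(list), defaultdict(list)
    for i in interfaces:
        by_nbma[i["nbma"]].append(i)
        by_router[i["router"]].append(i)
        where = f'{i["router"]}/{i["ifname"]}'
        if not 1 <= i["network_id"] <= 4294967295:
            findings.append((where, "network-id-out-of-range"))
        if len(i["nhrp_auth"]) > 8:
            findings.append((where, "auth-string-longer-than-8"))
    # Within one NBMA network: same tunnel key, network ID and auth string.
    for nbma, members in by_nbma.items():
        for field in ("tunnel_key", "network_id", "nhrp_auth"):
            if len({m[field] for m in members}) > 1:
                findings.append((nbma, f"{field}-mismatch"))
    # Two mGRE interfaces on the same router must use different tunnel keys.
    for router, members in by_router.items():
        keys = [m["tunnel_key"] for m in members]
        if len(keys) != len(set(keys)):
            findings.append((router, "duplicate-tunnel-key"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_INTERFACES):
        print(f"{location}: {finding}")
```
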