Manualshelf

User manual

ManualsBrandsvirtual access ManualsComputer equipmentGW1000
161162163164165166167168169170
25: Dynamic Multipoint Virtual Private Network (DMVPN)
_______________________________________________________________________________________________________
Figure 73: Network diagram for DMVPN spoke to spoke
Spoke1 and Spoke2 connect on their WAN interface: ADSL, 3G and initiate
main mode IPSec in transport mode to the hub.
After an IPSec tunnel is established, spokes register their NHRP
membership with the hub.
GRE tunnels come up.
Hub cache the GRE tunnel and real IP addresses of each spoke.
When Spoke1 wants to talk to Spoke2, it sends an NHRP Resolution
Request to the hub.
The hub checks its cache table and forwards that request to Spoke2.
Spoke2 caches Spoke1’s GRE and real IP address and sends an NHRP
Resolution Reply via the hub.
Spoke1 receives an NHRP resolution reply and updates its NHRP table with
Spoke2 information. Then it initiates VPN IPsec connection to Spoke2.
When an IPsec tunnel is established, Spoke1 and Spoke2 can send traffic
directly to each other.
Scenario 2: Spoke1 is in a private (NAT-ed) network, Spoke2 and hub are in
public network
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 164 of 255