User manual
25: Dynamic Multipoint Virtual Private Network (DMVPN)
_______________________________________________________________________________________________________
Figure 74: Network diagram for DMVPN spoke behind NAT
• Spoke1 sends an NHRP registration request to the Hub.
• Hub receives this request and compares the source tunnel address of the
Spoke with the source of the packet.
• Hub sends an NHRP registration reply with a NAT extension to Spoke1.
• The NAT extension informs Spoke1 that it is behind a NAT device.
• Spoke1 registers its pre- and post-NAT addresses.
• When Spoke1 wants to talk to Spoke2, it sends an NHRP Resolution
Request to the hub.
• Hub checks its cache table and forwards that request to Spoke2.
• Spoke2 caches Spoke1’s GRE pre- and post-NAT IP addresses and sends an
NHRP Resolution Reply via the hub.
• Spoke1 receives the NHRP resolution reply and updates its NHRP table
with Spoke2 information. It initiates a VPN IPSec connection to Spoke2.
• When the IPSec tunnel is established, Spoke1 and Spoke2 can send traffic
directly to each other.
• Note: If an IPSec tunnel fails to be established between the Spokes, then
packets between the Spokes are sent via the hub.
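The exchange listed above, modelled as an added example (it is not code from the manual or from the router firmware): a toy hub detects NAT by comparing the address written in the registration request with the packet source, relays a resolution request, and the spoke falls back to the hub when IPSec is down. Class names, field names and all addresses are constructed, and real NHRP packet formats are not reproduced.

```python
from dataclasses import dataclass, field

@dataclass
class Hub:
    cache: dict = field(default_factory=dict)    # spoke name -> (pre_nat, post_nat)

    def register(self, name, claimed_src, packet_src):
        # Compare the address written in the request with the packet's source.
        self.cache[name] = (claimed_src, packet_src)
        nat = claimed_src != packet_src           # rewritten in transit: behind NAT
        ext = {"pre_nat": claimed_src, "post_nat": packet_src} if nat else None
        return {"type": "registration-reply", "nat_extension": ext}

    def resolve(self, requester, target):
        # Check the cache, forward the request to the target, relay its reply.
        known = requester.name in self.cache and target.name in self.cache
        return target.on_resolution_request(requester.name, self.cache[requester.name]) if known else None

@dataclass
class Spoke:
    name: str
    local_addr: str                               # address configured on the spoke
    addrs: tuple = ()                             # (pre_nat, post_nat) once registered
    nhrp_table: dict = field(default_factory=dict)

    def register(self, hub, packet_src):
        reply = hub.register(self.name, self.local_addr, packet_src)
        ext = reply["nat_extension"]
        self.addrs = (ext["pre_nat"], ext["post_nat"]) if ext else (self.local_addr,) * 2
        return reply

    def on_resolution_request(self, peer, peer_addrs):
        self.nhrp_table[peer] = peer_addrs        # cache requester's pre/post-NAT address
        return {"type": "resolution-reply", "peer": self.name, "addrs": self.addrs}

    def resolve(self, hub, target):
        reply = hub.resolve(self, target)
        if reply:
            self.nhrp_table[reply["peer"]] = reply["addrs"]
        return reply

    def next_hop(self, peer, ipsec_up):
        # Direct only if the peer is resolved and the IPSec tunnel is up; otherwise hub.
        return self.nhrp_table[peer][1] if ipsec_up and peer in self.nhrp_table else "hub"

hub = Hub()                                       # all addresses below are constructed
s1, s2 = Spoke("Spoke1", "192.168.1.10"), Spoke("Spoke2", "198.51.100.7")
r1 = s1.register(hub, packet_src="203.0.113.5")   # NAT rewrote the source address
r2 = s2.register(hub, packet_src="198.51.100.7")  # no NAT: addresses match
s1.resolve(hub, s2)
```

After the run, `s1.next_hop("Spoke2", ipsec_up=False)` returns `"hub"`, which is the fallback path described in the note above.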
25.3 Configuring DMVPN via the web interface
Before configuring DMVPN, you must first configure a GRE interface. Read the
previous section, ‘GRE interfaces’.
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 165 of 255