R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)

Full mesh DVPN configuration example
Network requirements
In the full mesh network shown in Figure 73, the primary VAM server and the secondary VAM server
manage and maintain information about the nodes. The AAA server takes charge of VAM client
authentication and accounting. With each being the backup of the other, the two hubs perform data
forwarding and routing information exchange.
Create a permanent tunnel between each hub-spoke pair.
Spokes in the same VPN exchange data through dynamically established tunnels between them.
Figure 73 Network diagram
Device      Interface  IP address        Device            Interface  IP address
Hub 1       Eth1/1     192.168.1.1/24    Spoke 1           Eth1/1     192.168.1.3/24
Hub 1       Tunnel1    10.0.1.1/24       Spoke 1           Eth1/2     10.0.3.1/24
Hub 1       Tunnel2    10.0.2.1/24       Spoke 1           Tunnel1    10.0.1.3/24
Hub 2       Eth1/1     192.168.1.2/24    Spoke 2           Eth1/1     192.168.1.4/24
Hub 2       Tunnel1    10.0.1.2/24       Spoke 2           Eth1/2     10.0.4.1/24
Hub 2       Tunnel2    10.0.2.2/24       Spoke 2           Eth1/3     10.0.6.1/24
Spoke 3     Eth1/1     192.168.1.5/24    Spoke 2           Tunnel1    10.0.1.4/24
Spoke 3     Eth1/2     10.0.5.1/24       Spoke 2           Tunnel2    10.0.2.4/24
Spoke 3     Tunnel2    10.0.2.3/24       Primary server    Eth1/1     192.168.1.22/24
AAA server  -          192.168.1.11/24   Secondary server  Eth1/1     192.168.1.33/24
[Figure 73: network diagram showing Hub 1, Hub 2, Spoke 1, Spoke 2, Spoke 3, Site 1 through Site 4, the primary VAM server, the secondary VAM server, and the AAA server connected across an IP network. Legend: VPN 1 Hub-to-Spoke static tunnel; VPN 2 Hub-to-Spoke static tunnel; Spoke-to-Spoke dynamic tunnel; VPN 1 and VPN 2 Hub-to-Hub static tunnel.]
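As an added example (not part of the HP guide), the tunnel addresses in the table can be turned into the set of tunnels this design should produce, which gives a baseline to compare against the tunnels a deployed device actually reports. It assumes Tunnel1 belongs to VPN 1 and Tunnel2 to VPN 2, inferred from the shared subnets, and counts the hub-to-hub static tunnel from the figure legend as permanent.

```python
from ipaddress import ip_interface
from itertools import combinations

# Tunnel addresses copied from the address table on this page.
# Assumption (not stated on the page): Tunnel1 is VPN 1, Tunnel2 is VPN 2.
TUNNELS = {
    "Hub 1":   {"Tunnel1": "10.0.1.1/24", "Tunnel2": "10.0.2.1/24"},
    "Hub 2":   {"Tunnel1": "10.0.1.2/24", "Tunnel2": "10.0.2.2/24"},
    "Spoke 1": {"Tunnel1": "10.0.1.3/24"},
    "Spoke 2": {"Tunnel1": "10.0.1.4/24", "Tunnel2": "10.0.2.4/24"},
    "Spoke 3": {"Tunnel2": "10.0.2.3/24"},
}
VPN_OF = {"Tunnel1": "VPN 1", "Tunnel2": "VPN 2"}


def vpn_members():
    """Group devices by VPN; reject duplicate hosts or mixed subnets in a VPN."""
    members, subnets, seen = {}, {}, set()
    for dev, ifs in TUNNELS.items():
        for ifname, addr in ifs.items():
            iface, vpn = ip_interface(addr), VPN_OF[ifname]
            if iface.ip in seen:
                raise ValueError(f"duplicate tunnel address {iface.ip} on {dev}")
            seen.add(iface.ip)
            if subnets.setdefault(vpn, iface.network) != iface.network:
                raise ValueError(f"{dev} {ifname} is outside {subnets[vpn]}")
            members.setdefault(vpn, []).append(dev)
    return members


def expected_tunnels():
    """Return {vpn: {"permanent": pairs, "dynamic": pairs}} as sets of frozensets."""
    plan = {}
    for vpn, devs in vpn_members().items():
        hubs = [d for d in devs if d.startswith("Hub")]
        spokes = [d for d in devs if d.startswith("Spoke")]
        # Static tunnels: hub-to-hub (figure legend) plus every hub-spoke pair.
        permanent = {frozenset(p) for p in combinations(hubs, 2)}
        permanent |= {frozenset((h, s)) for h in hubs for s in spokes}
        dynamic = {frozenset(p) for p in combinations(spokes, 2)}
        plan[vpn] = {"permanent": permanent, "dynamic": dynamic}
    return plan


if __name__ == "__main__":
    for vpn, kinds in sorted(expected_tunnels().items()):
        for kind, pairs in kinds.items():
            for pair in sorted(sorted(p) for p in pairs):
                print(vpn, kind, " <-> ".join(pair))
```

Spoke 1 and Spoke 3 share no VPN under this assumption, so a tunnel between them never appears in the expected set.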