Hi Kings, With DMVPN spoke or hub routers behind NAT you must use IPsec Transport mode. The GRE IP header is ONLY available to NHRP if we are NOT doing IPsec or we are doing IPsec in transport mode.
Regards, Piotr 2011/10/7 Kingsley Charles <[email protected]> > Hi all > > When we have DMVPN hub behind a NAT device, the tunnel shouldn't come up > because the proxy identities will not match in IPSec Phase 2 check. > > Hub -------------- NAT router --------------- Spoke > > It works, if I have the transform set in transport mode.. IOS does > something but I am not able get a doc explaining the process > > The following link explains spoke behind a NAT device. I am aware that NHRP > is NAT aware. Is that the answer? > > > http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/dmvpn_dt_spokes_b_nat.html > > > With regards > KIngs > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
