Hi Piotr, Could you please let us know why to use transport mode? What is the mechanics behind it?
Best Regards. ______________________ Adil On Oct 7, 2011, at 2:00 PM, Piotr Matusiak wrote: > Hi Kings, > > With DMVPN spoke or hub routers behind NAT you must use IPsec Transport mode. > The GRE IP header is ONLY available to NHRP if we are NOT doing IPsec or we > are doing IPsec in transport mode. > > Regards, > Piotr > > 2011/10/7 Kingsley Charles <[email protected]> > Hi all > > When we have DMVPN hub behind a NAT device, the tunnel shouldn't come up > because the proxy identities will not match in IPSec Phase 2 check. > > Hub -------------- NAT router --------------- Spoke > > It works, if I have the transform set in transport mode.. IOS does something > but I am not able get a doc explaining the process > > The following link explains spoke behind a NAT device. I am aware that NHRP > is NAT aware. Is that the answer? > > http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/dmvpn_dt_spokes_b_nat.html > > > With regards > KIngs > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
