Configuring DMVPN Encryption


The last lab that I did was “Basic: Cisco DMVPN Lab“. This was a configuration of three routers in a DMVPN setup while they all passed through a central, internet emulating, router. Overall it was straight forward and was only looking to get the basic tunnel(s) up and running.

Next Step: Encryption

The next thing that needs to be done is to configure DMVPN encryption for the tunnels using IPSec. This is a very straight-forward process.  Create an IPSec policy and transform set and then apply it to the tunnel interfaces.

crypto isakmp policy 10
authentication pre-share
crypto isakmp key Cisco1234 address
crypto ipsec transform-set DMVPNTransformSet esp-aes esp-sha-hmac
crypto ipsec profile DMVPNProfile
set transform-set DMVPNTransformSet
interface Tunnel0
tunnel protection ipsec profile DMVPNProfile

That’s all their is to it. When studying this is one of those things that I just have to memorize the syntax to. I just need to drill it into my head so I can remember it on the spot. Add that to all tunnel interfaces and the tunnels between sites will then be encrypted. Definitely a beneficial feature that’s not too difficult to configure.


To verify the connection, commonly used commands include “show crypto isakmp sa” and “show crypto ipsec sa”. There are also definitely more options to add to edit these profiles, but this is a basic form for lab purposes.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.