This post aims to explain how to configure a dynamic multi-point site-to-site VPN over IPSEC between CISCO routers and a Linux machine using the NHRP protocol.
For our deployment I used a Linux machine as hub and many Cisco 8X7 devices as spokes.
If you are reading this, I think that you already know what IPSec protocol is and how it works. If don't, go read this.
Most interesting to explain are the NHRP protocol properties.
NHRP is a protocol that can be used to improve the efficiency of the routing protocols in a NBMA network. The purpose is to permit communication between two devices using the most direct route (e.g. the route with the fewest number of hops).
It is based on a query-and-reply mechanism in which all parties cooperate to build a "network knowledge table", to be used to send packets directly to the destination devices (if the devices are on the same subnet) or to an egress router linked to it.
The benefit that the NHRP protocol provides is that it reduces the number of hops that a packet has to pass through enhancing the performance of the network.
A dynamic multi-point virtual private…