DMVPN VRF

    DMVPN :
Generic Routing Encapsulation GRE
Next-Hop Resolution Protocol NHRP
Dynamic routing protocols
IPsec encryption protocols

R1:
!
ip vrf voice
 rd 1:1
 route-target export 1:1
 route-target import 1:1

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto ipsec profile cisco
 set security-association lifetime seconds 120
 set transform-set strong

interface Tunnel0
 ip address 172.16.0.1 255.255.255.0 ip mtu 1440
 no ip next-hop-self eigrp 90
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 no ip split-horizon eigrp 90
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile cisco shared
end

interface Tunnel1
 ip vrf forwarding voice
 ip address 172.16.1.1 255.255.255.0 ip mtu 1440
 no ip next-hop-self eigrp 90
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 no ip split-horizon eigrp 90
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile cisco shared
end


router eigrp 90
 network 10.0.1.0 0.0.0.255
 network 172.16.0.0 0.0.0.255
 no auto-summary
 !
 address-family ipv4 vrf voice
  network 10.1.1.0 0.0.0.255
  network 172.16.1.0 0.0.0.255
  no auto-summary
  autonomous-system 90
 exit-address-family
!



verificacion:

R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incompletea
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer

Tunnel0, Type:Hub, NHRP Peers:2,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.2      172.16.0.2    UP    never D
     1      10.10.10.3      172.16.0.3    UP    never D

Tunnel1, Type:Hub, NHRP Peers:2,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.2      172.16.1.2    UP    never D
     1      10.10.10.3      172.16.1.3    UP    never D



R1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
10.10.10.1      10.10.10.3      QM_IDLE           1002    0 ACTIVE
10.10.10.1      10.10.10.2      QM_IDLE           1001    0 ACTIVE

IPv6 Crypto ISAKMP SA

DMVPN

R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incompletea
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer

Tunnel0, Type:Hub/Spoke, NHRP Peers:4,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.1     172.19.11.1  NHRP    never S
     1      10.10.10.5     172.19.11.3    UP    never D
     1     10.10.10.14     172.19.11.4    UP    never D
     1     10.10.10.10     172.19.11.5    UP    never D

VRF LITE

ip vrf rojo
 rd 10:10
!
ip vrf verde
 rd 20:20
!
interface FastEthernet0/0
no shutdown

interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding rojo
 ip address 10.10.10.1 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding verde
 ip address 10.10.11.1 255.255.255.252


ip route vrf rojo 20.20.20.0 255.255.255.0 10.10.10.2
ip route vrf verde 20.20.21.0 255.255.255.0 10.10.11.2