DMVPN Caveats
NBMA Address Conflicts
DMVPN routers must have a unique NBMA address. Any address conflict will interrupt traffic to a remote site, or possibly cause other erratic behavior.
Where you would see this is in the situation where you have DMVPN routers behind another device that is doing NAT (ie. an LTE or DSL modem). If you have standardized on a certain line of modems, and the modems are a DHCP server for their LAN interface, it is very likely that two or more DMVPN routers will get the same private IP address on their WAN interfaces. See below:
HUB1#sho ip nhrp 10.10.10.3 10.10.10.3/32 via 10.10.10.3 Tunnel1 created 4d14h, expire 00:02:28 Type: dynamic, Flags: unique registered used nhop NBMA address: 192.168.0.2
When there are no conflicts, DMVPN is smart enough to use the actual public IP of the modem to reach the DMVPN router behind the NAT. However, when there is a conflict, I can only assume that DMVPN thinks the two or more routers are all the same router.
To work around this issue, do one of the following:
- statically set the private WAN IP on the DMVPN routers, and keep them unique
- many modems have an "IP Passthrough" option, where a single host behind the modem receives the public IP that is assigned to the WAN of the modem