Some basic IOS IPsec/DMVPN commands to aid with troubleshooting: show dmvpn detail show ip nhrp show ip nhrp multicast show crypto isakmp sa show crypto isakmp policy show crypto ipsec sa show run | s isakmp show run | s ipsec show run | s interface Tunnel debug crypto isakmp debug crypto

If you have a dedicated DMVPN router and want to apply a simple access list to the public interface to block all other traffic, this is what you need opened up: permit esp any any permit udp any eq isakmp any eq isakmp and if you have NAT-T, then you

Here is a quick and clean DMVPN Phase 1 Configuration: Hub Router IPsec: HUB01(config)# crypto isakmp policy 10 HUB01(config-isakmp)# encr 3des HUB01(config-isakmp)# hash md5 HUB01(config-isakmp)# authentication pre-share HUB01(config)# crypto isakmp key CISCO address 0.0.0.0 0.0.0.0 HUB01(config)#crypto ipsec