Suppose I have one hub and two spoke nodes, each with one public address and one NBMA address, and I specify the following configuration in the racoon file for the HUB to Spoke1:
# Security policies
spdadd 10.0.0.0/16 10.1.0.0/16
    -P out ipsec
spdadd 10.1.0.0/16 10.0.0.0/16
    -P in ipsec
If I then repeat the same thing for Spoke1 --> HUB, only switching the NBMA addresses, will it work?
Assume the same is done between the Hub and Spoke2. If I run OpenNHRP on the hub and spoke nodes, will a dynamic tunnel between Spoke1 and Spoke2 be formed or not? Dynamic in the sense that we have not specified any such configuration for Spoke1 and Spoke2 in ipsec.conf or in racoon.conf. Am I missing something here? According to Cisco DMVPN, the Spoke1 <---> Spoke2 IPsec tunnels will be formed dynamically.
Further, I am testing this whole topology in the lab. If I am not using BGP and am specifying static routes in the HUB, will Spoke1 learn the routes automatically, so that no routes need to be specified at Spoke1 or Spoke2 for traversing their private networks?