DMVPN works through NVG595 using Cisco 1941 Router
First off, this is not a question. More or less trying to save people a headache, but if you're in the forum, chances are you already have one from the many different potential options that don't work or the hours you have spent with support.... I'm sure you already have logged into the AT&T router and are familiar with the configuration areas. I didn't have to NAT or do any port forwarding to get this to work. I'm going to explain high-level what I did to get DMVPN working through the AT&T modem using Public assigned IP range.
1. Under Firewall-Turn off packet filter, NAT, and Advanced Firewall (turn everything off)
2. Set allocation to IP Passthrough with MANUAL as the passthrough mode.
3. Under Subnets/DHCP-Turn on Public Subnet mode with DHCP server enable on
4. Allow inbound traffic
5. I set my DHCP public start address the same as my end, as i only needed one address on my external cisco router interface
6. Set primary DHCP pool to PRIVATE
7. I forget where at in the process it was, but make sure to allocate your IP as a Fixed Allocation to your public DHCP IP.
On Cisco router, set your WAN facing IP address to dhcp, shut the interface down, no shut and you should have your public DHCP ip address assigned. Once At&t modem is configured and your WAN has the dhcp ip, you should be able to ping outside interface.
Now DMVPN, is fairly straight forward, the AT&T router should be good to go at this point. One thing that got us while doing the many different combinations on the modem was having a VRF on the tunnel. When you have a VRF set on the tunnel interface make sure you say tunnel vrf "name" as well as assigning the VRF for your isakmp profile and on keyring. Without these commands you won't see a thing for DMVPN.