DMVPN tunnels stay up

Answered Question
Mar 20th, 2007
User Badges:

Hello, I need to change the hub's public IP-address. The only way to reach the spokes is through the tunnel.


Action plan was to change the nhrp maps in the spokes first, then at last to change the hubs public IP. This didn't worked, because the tunnels always stay up and keep the "old" IP address.

I added ISKMP keepalives, tunnel nhrp holdtime and tunnel keepalive; but without success.

The only way to get the spokes accepting the new IP-address, is to shut,no shut the tunnel. But this cuts my own branch off.


Question: Does anyone knows a way, that lets DMVPN tunnels realize a connection loss, clear nhrp cache and rebuild a tunnel to a new destination without rebooting spokes?

Thanks and regards Peter

Correct Answer by ggilbert about 10 years 2 months ago

Peter,


Thanks for responding and letting me know. I do appreciate it.


Cheers

Gilbert

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
ggilbert Tue, 03/20/2007 - 12:34
User Badges:
  • Cisco Employee,

Peter,


Would it be possible to create a Second Tunnel interface will all the new information and then change the IP address on the hub.


Now you will have connectivity from your spokes to the hub.


Delete the old tunnel interface.


Will that work?


Hope this helps.


Thanks

Gilbert

pspy Fri, 03/23/2007 - 06:21
User Badges:

Hi Gilbert

thanks a lot for your suggestion.

I tried it, but it didn't work. Creating a second tunnel-ifc was ok, but the IP address must be in another range. Also the original tunnel crashed after applying the crypto rules.

I found some new commands on CCO, which our actual installed IOS doesn't support yet. i.e. "clear ip nhrp" and others.

This morning I performed the migration succesfully! The solution was to install a "out-of-band" backdoor on every spoke. Like an ssh or https access. This way, after changing the nhrp mapping, it was possible to login via ssh, then shut/no shut the tunnel-ifc. This way, the router activated the new mapping and a new tunnel was built to the hubs new IP-address.

Regards Peter

Correct Answer
ggilbert Fri, 03/23/2007 - 07:04
User Badges:
  • Cisco Employee,

Peter,


Thanks for responding and letting me know. I do appreciate it.


Cheers

Gilbert

Actions

This Discussion