Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1263
Views
0
Helpful
3
Replies

DMVPN tunnels stay up

Go to solution
pspy
Level 1
Level 1

‎03-20-2007 12:26 AM - edited ‎03-10-2019 01:35 PM

Hello, I need to change the hub's public IP-address. The only way to reach the spokes is through the tunnel.

Action plan was to change the nhrp maps in the spokes first, then at last to change the hubs public IP. This didn't worked, because the tunnels always stay up and keep the "old" IP address.

I added ISKMP keepalives, tunnel nhrp holdtime and tunnel keepalive; but without success.

The only way to get the spokes accepting the new IP-address, is to shut,no shut the tunnel. But this cuts my own branch off.

Question: Does anyone knows a way, that lets DMVPN tunnels realize a connection loss, clear nhrp cache and rebuild a tunnel to a new destination without rebooting spokes?

Thanks and regards Peter

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ggilbert
Cisco Employee
Cisco Employee
In response to pspy

‎03-23-2007 07:04 AM

Peter,

Thanks for responding and letting me know. I do appreciate it.

Cheers

Gilbert

View solution in original post

0 Helpful
3 Replies 3

Go to solution
ggilbert
Cisco Employee
Cisco Employee

‎03-20-2007 12:34 PM

Peter,

Would it be possible to create a Second Tunnel interface will all the new information and then change the IP address on the hub.

Now you will have connectivity from your spokes to the hub.

Delete the old tunnel interface.

Will that work?

Hope this helps.

Thanks

Gilbert

0 Helpful

Go to solution
pspy
Level 1
Level 1
In response to ggilbert

‎03-23-2007 06:21 AM

Hi Gilbert

thanks a lot for your suggestion.

I tried it, but it didn't work. Creating a second tunnel-ifc was ok, but the IP address must be in another range. Also the original tunnel crashed after applying the crypto rules.

I found some new commands on CCO, which our actual installed IOS doesn't support yet. i.e. "clear ip nhrp" and others.

This morning I performed the migration succesfully! The solution was to install a "out-of-band" backdoor on every spoke. Like an ssh or https access. This way, after changing the nhrp mapping, it was possible to login via ssh, then shut/no shut the tunnel-ifc. This way, the router activated the new mapping and a new tunnel was built to the hubs new IP-address.

Regards Peter

0 Helpful

Go to solution
ggilbert
Cisco Employee
Cisco Employee
In response to pspy

‎03-23-2007 07:04 AM

Peter,

Thanks for responding and letting me know. I do appreciate it.

Cheers

Gilbert

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents