DMVPN Tunnels coming up

Unanswered Question
Mar 23rd, 2007

We have several sites that are connected by T-1's. We have setup DMVPN using DSL as backup connections for the T-1's. A few of the sites DMVPN/DSL connections are good I am getting encaps & decaps, but a few are stuck in the "MM_NO_STATE" phase and will not go to "QM_IDLE". I have checked and checked the configs on the ones that are having issues and can't seen to find the problem. From a config statndpoint it looks fine. Any troubleshooting suggestions?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
varakantam Sun, 03/25/2007 - 01:47

Double check your isakmp profiles and make sure you have the correct pre-shared keys. For the sites which are not working remove the ISAKMP profile and see if they work without encryption

mbroberson1 Mon, 03/26/2007 - 09:09

I tried and am still not having any luck. This is part of my debug.

.Mar 26 09:23:33: ISAKMP (0:13): phase 1 packet is a duplicate of a previous packet.

.Mar 26 09:23:33: ISAKMP (0:13): retransmitting due to retransmit phase 1

.Mar 26 09:23:34: ISAKMP (0:13): retransmitting phase 1 MM_KEY_EXCH...

.Mar 26 09:23:34: ISAKMP (0:13): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

.Mar 26 09:23:34: ISAKMP (0:13): retransmitting phase 1 MM_KEY_EXCH

Richard Burts Mon, 03/26/2007 - 11:09


From the fact that it appears to be stuck in the key exchange phase I believe that the suggestion to check carefully to make sure that you have keys configured correctly was a good suggestion.



mbroberson1 Mon, 03/26/2007 - 13:38

I figured out the problem. The problem was on the Netopia DSL router that was being used for the backup connection. On the Netopia I had to enable "expose internal ip addresses". I now have encaps & decaps.

Thanks for your help!



This Discussion