DMVPN problem

Unanswered Question
Apr 3rd, 2007
User Badges:

HUB tunnnel:


bandwidth 16000

ip address 10.0.6.9 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication xxx

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 600

ip tcp adjust-mss 1360

delay 1000

tunnel source FastEthernet0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN


Spoke tunnel:


bandwidth 6000

ip address 10.0.6.11 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication xxx

ip nhrp map 10.0.6.9 xx.xx.xx.xx

ip nhrp map multicast xx.xx.xx.xx

ip nhrp network-id 1

ip nhrp holdtime 600

ip nhrp nhs 10.0.6.9

ip tcp adjust-mss 1360

delay 1000

tunnel source Vlan2

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN


On HUB and Spoke:


crypto isakmp policy 5

encr aes 256

authentication pre-share

group 2

crypto isakmp key xxx address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 15 5 periodic

!

crypto ipsec transform-set VPNSET esp-aes 256 esp-sha-hmac

!

crypto ipsec profile DMVPN

set transform-set VPNSET



sh dmvpn command from spoke:


# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

1 XX.XX.XX.XX 10.0.6.9 IPSEC never S


sh dmvpn command from HUB


returns only legend :o((



do you have any suggestion?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ggilbert Mon, 04/09/2007 - 10:34
User Badges:
  • Cisco Employee,

Hi,


What is the problem you are facing? Is your tunnel not coming up.


Make sure that you are using transport mode.


crypto ipsec transform-set VPNSET esp-aes 256 esp-sha-hmac

mode transport



sh cry isa sa

sh ip nhrp

sh ip nhrp dynamic



These are some of the commands that will tell you the status of the tunnel.


Please rate this post, if it helps


Cheers

Gilbert



Actions

This Discussion