DMVPN problem - Cisco Community

336

Views

0

Helpful

1

Replies

HUB tunnnel:

bandwidth 16000

ip address 10.0.6.9 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication xxx

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 600

ip tcp adjust-mss 1360

delay 1000

tunnel source FastEthernet0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN

Spoke tunnel:

bandwidth 6000

ip address 10.0.6.11 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication xxx

ip nhrp map 10.0.6.9 xx.xx.xx.xx

ip nhrp map multicast xx.xx.xx.xx

ip nhrp network-id 1

ip nhrp holdtime 600

ip nhrp nhs 10.0.6.9

ip tcp adjust-mss 1360

delay 1000

tunnel source Vlan2

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN

On HUB and Spoke:

crypto isakmp policy 5

encr aes 256

authentication pre-share

group 2

crypto isakmp key xxx address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 15 5 periodic

!

crypto ipsec transform-set VPNSET esp-aes 256 esp-sha-hmac

!

crypto ipsec profile DMVPN

set transform-set VPNSET

sh dmvpn command from spoke:

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

1 XX.XX.XX.XX 10.0.6.9 IPSEC never S

sh dmvpn command from HUB

returns only legend :o((

do you have any suggestion?

1 Reply 1

Hi,

What is the problem you are facing? Is your tunnel not coming up.

Make sure that you are using transport mode.

crypto ipsec transform-set VPNSET esp-aes 256 esp-sha-hmac

mode transport

sh cry isa sa

sh ip nhrp

sh ip nhrp dynamic

These are some of the commands that will tell you the status of the tunnel.

Please rate this post, if it helps

Cheers

Gilbert

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community