I hope someone has a few ideas here, I have configured dmvpn with ezvpn run running eigrp as the routing protocol running via the created tunnel.
This works as expected when the routers at either end of the tunnels do not pass through a ASA firewall.
As soon as I introduce the firewall between dmvpn peers with the appropriate rules to allow gre, udp500 and esp, it works but the eigrp peering only stays up for 1min 20 sec, it then bounces and continues to do this so the eigrp never really converges.
The following is the log report:
*May 27 11:16:56.134: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 29: Neighbor 220.127.116.11 (Tunnel29) is down: retry limit exceeded
*May 27 11:16:56.346: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 29: Neighbor 18.104.22.168 (Tunnel29) is up: new adjacency
It seems this has something to do with eigrp, the peering comes up but show ip eigrp neig detail reveals :
R1(config-if)#do sh ip eig neig det
IP-EIGRP neighbors for process 29
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 22.214.171.124 Tu29 11 00:00:31 1 5000 1 0
Last startup serial 6
Version 12.2/1.2, Retrans: 7, Retries: 7, Waiting for Init, Waiting for Init Ack
Expecting no reply for queries
UPDATE seq 54 ser 2-6 Sent 31068 Init Sequenced
Indicating that it is not really communicating properly with its peer????
I get the same result if I turn encryption on or off, no difference.
What could the firewall be doing to cause this ??? PS the firewall is not blocking any traffic I am monitoring it.
Any ideas would be most welcome