DMVPN Tunnel not coming up at hub

Unanswered Question

I'm using DocID 41940 as guidance.

Currently one hub, two satellites. Configured in accordance with reference configs on pages 25-28 of the downloaded PDF.


Problem: Hub Site NHRP does not appear to be coming online. Also, Tunnel0 at the hub is showing state of Up/Down.


NHRP on site 1 is up as is the tunnel.


No routes are being exchanged, though this is expected since the hub tunnel does not appear operational


What am I missing. I'm sure its something silly, but I've been beating on this for a couple of weeks, and I'm just not seeing it.


UNCLE!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Mon, 06/02/2008 - 06:53
User Badges:
  • Red, 2250 points or more

Hello


> What IOS version are you running on all the routers?

> Is it possible to post the configuration of one of the working sites and one that is not working as desired?


Regards


Farrukh

srue Mon, 06/02/2008 - 08:13
User Badges:
  • Blue, 1500 points or more

can you post the configs?

Here are is the config (Attached). Culled from the cisco document noted above.


Oh, and by the way, I finally saw the error.... on the actual routers, all the interfaces are FAST ethernet. When I pasted the configs in, I negelected to change the entry from 'tunnel source Ethernet0' to 'tunnel source FASTethernet0' on the hub.


GAWD... I looked and looked and looked, but somehow it just never registered till just now. I need new eyes or something.


Ah well. I knew it was simple.





Attachment: 
Farrukh Haroon Mon, 06/02/2008 - 10:56
User Badges:
  • Red, 2250 points or more

"Oh, and by the way, I finally saw the error.... on the actual routers, all the interfaces are FAST ethernet...... "


So is it working now? Btw why you have not permitted ISAKMP udp traffic on the incoming ACLs on all routers?


Regards


Farrukh

Farrukh Haroon Mon, 06/02/2008 - 11:30
User Badges:
  • Red, 2250 points or more

AFAIK, it should break it for sure. On a stateful firewall like CBAC,ASA/PIX you can sometimes get away with it, if the side from the 'inside' is initiating the ISAKMP udp connection the return traffic is automatically allowed back because of the 'state table'. But since these are stateless packet filters (Access Lists) it would be required.


Regards


Farrukh

Actions

This Discussion