06-02-2008 06:19 AM - edited 03-09-2019 08:49 PM
I'm using DocID 41940 as guidance.
Currently one hub, two satellites. Configured in accordance with reference configs on pages 25-28 of the downloaded PDF.
Problem: Hub Site NHRP does not appear to be coming online. Also, Tunnel0 at the hub is showing state of Up/Down.
NHRP on site 1 is up as is the tunnel.
No routes are being exchanged, though this is expected since the hub tunnel does not appear operational
What am I missing. I'm sure its something silly, but I've been beating on this for a couple of weeks, and I'm just not seeing it.
UNCLE!
06-02-2008 06:53 AM
Hello
> What IOS version are you running on all the routers?
> Is it possible to post the configuration of one of the working sites and one that is not working as desired?
Regards
Farrukh
06-02-2008 08:03 AM
12.4
two 1811 ISRs. two wireless, one wired.
06-02-2008 08:13 AM
can you post the configs?
06-02-2008 08:34 AM
Here are is the config (Attached). Culled from the cisco document noted above.
Oh, and by the way, I finally saw the error.... on the actual routers, all the interfaces are FAST ethernet. When I pasted the configs in, I negelected to change the entry from 'tunnel source Ethernet0' to 'tunnel source FASTethernet0' on the hub.
GAWD... I looked and looked and looked, but somehow it just never registered till just now. I need new eyes or something.
Ah well. I knew it was simple.
06-02-2008 10:56 AM
"Oh, and by the way, I finally saw the error.... on the actual routers, all the interfaces are FAST ethernet...... "
So is it working now? Btw why you have not permitted ISAKMP udp traffic on the incoming ACLs on all routers?
Regards
Farrukh
06-02-2008 11:14 AM
It seems to be.
Not sure why I didn't add the ISAKMP automatically, I certainly can permit it, though. Shouldn't not having it break the config?
06-02-2008 11:30 AM
AFAIK, it should break it for sure. On a stateful firewall like CBAC,ASA/PIX you can sometimes get away with it, if the side from the 'inside' is initiating the ISAKMP udp connection the return traffic is automatically allowed back because of the 'state table'. But since these are stateless packet filters (Access Lists) it would be required.
Regards
Farrukh
06-02-2008 03:40 PM
Thats wht I thought, and the exclusion of that entry was a complete oversight, however the fact that is still works makes one go "Hmmmm...."
:)
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide