DMVPN problem with spoke to spoke tunnels not coming up!

Unanswered Question
Oct 27th, 2008

All traffic being routed through the hubs and spoke to spoke tunnels wouldn't come up.

Tried for hours with CISCO engineers on the phone to fix an issues with DMVPN routing through the head ends and not the spoke to other spokes. Turns out is was the version of IOS I was running at the hubs.

I was running c7200-jk9s-mz.124.13b.bin and I am now running c7200-adventerprisek9-mz.124.15.T7.bin

Works beautifully now. This was an NHRP issue I don't know if one of you can through this in a solution database as I tried for a very long time to find a solution and there was nothing. If you need more detail please let me know. I have a TAC open for it SR 609892261, you should be able to grab loads of info from that if you can.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 10/27/2008 - 14:31

Hello Brent,

a Service Request is associated to a Service Contract and only CCO accounts associated to that Service Contract can access it.

So I don't think any of us ( the ones not working directly for Cisco) can access your SR.

And this is reasonable.

It is possible using my CCO account to access the Bug Toolkit(go to support and accesss the Bug toolkit) and look for IOS software 12.4.13b platform 7200 and keyword DMVPN starts a search:

if finds 11 bugs

for example it can be:

CSCsc72704

Dynamic spoke to spoke tunnel fails to establish in daisy-chained DMVPN

1st Found-In

12.4(5)M

Known Affected Versions This link will launch a new window.

Fixed-In

12.4(9)T2

12.4(9.15)T

12.4(6)T10

"Dynamic spoke to spoke tunnel fails to establish in daisy-chained DMVPN

In a daisy-chained DMVPN (Dynamic Multipoint VPN) environment, if the hub

router does not terminate both the GRE and IPSec tunnels on the same device,

then NHRP (Next Hop Resolution Protocol) traffic from the hub to a spoke

may be forwarded in clear instead of being encrypted, which subsequently

will be dropped on the destination spoke router. This can cause dynamic

spoke to spoke tunnel not to get established."

There is no known workaround at this time.

However, thanks for having signalled a problem that can occur to other network engineers.

Hope to help

Giuseppe

Brent Rockburn Mon, 10/27/2008 - 15:42

Hey Giuseppe!

yeah sorry I guess I was thinking Knowledge base would be the best .. I just would hate to see another administrator go through this one ;)

Actions

This Discussion