DMVPN tunnel issues

dathaide
Level 1

Hi,

I am configuring a Multipoint GRE DMVPN on the Hub 3845 running 12.4.9 T code and on the remote 1811 running 12.4.15 T8 code.

The issue I run into is that when I shut down the Multipoint Tunnel on the hub end, the remote does not re-establish DMVPN as long as the keepalive is configured on the remote tunnel. Once removed, it comes on instantly. I have included part of the configs. Any help is appreciated.

HUB

interface Tunnel20
 ip address 1.1.1.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 ip nhrp cache non-authoritative
 ip ospf dead-interval 60
 keepalive 10 5
 cdp enable
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 20
 tunnel protection ipsec profile test
end

Remote

interface Tunnel20
 ip address 1.1.1.2 255.255.255.0
 ip mtu 1400
 ip nhrp map multicast 192.129.155.9
 ip nhrp map 1.1.1.1 192.129.155.9
 ip nhrp network-id 2
 ip nhrp nhs 1.1.1.1
 cdp enable
 tunnel source FastEthernet0
 tunnel destination 192.129.155.9
 tunnel key 20
 tunnel protection ipsec profile test
 keepalive 10 5
end

8 Replies

Giuseppe Larosa
Hall of Fame

Hello Dwayne,

DMVPNs are usually deployed using a dynamic routing protocol like OSPF or EIGRP.

I would suggest you use EIGRP or OSPF instead of tunnel keepalive.

See

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_1.html#wp37110

Hope to help

Giuseppe

a.alekseev
Level 7

Keepalives are not supported on DMVPN.

The keepalive 10 5 is not supported; you can use the following.

You can change to ip nhrp holdtime=#xxx

Changes the number of seconds that NHRP NBMA addresses are advertised as valid in authoritative NHRP responses.

• The seconds argument specifies the time in seconds that NBMA addresses are advertised as valid in positive authoritative NHRP responses. The recommended value ranges from 300 seconds to 600 seconds.

Thanks for your reply. I did reconfigure to OSPF and used the command holdtime like you suggested. However, when I shut down the hub GRE multipoint end, shouldn't the remote NOT have the following information when I do the show ip nhrp command? Or am I using the wrong command to verify that the NBMA address has dropped?

sho ip nhrp
10.224.10.1/32 via 10.224.10.1, Tunnel2 created 00:22:42, never expire
  Type: static, Flags:
  NBMA address: 64.x.x.x

Thanks

So you have the ip nhrp configuration at both the Hub router

ip nhrp holdtime ### "Where this parameter changes the number of seconds that NHRP NBMA addresses are advertised as valid in authoritative NHRP responses."

and at the Spoke routers as well?

Under the Hub configuration

Interface Tunnel#
 ip nhrp holdtime 600

Under the Spoke configuration

Interface Tunnel#
 ip nhrp holdtime 300

One last note: under the OSPF configuration, do you have it configured to make sure that the hub router will be the Designated Router (DR) for the IPsec+mGRE network?

You can do this by

1. Setting the Hub configuration

under the Tunnel interface

 ip ospf priority 2

under the spoke(s) configuration

Under the Tunnel configuration

 ip ospf priority 0

One last note: NHRP authentication doesn't seem to be configured

Hub router

Interface Tunnel #
 ip nhrp authentication abc123

Spoke router

Interface Tunnel #
 ip nhrp authentication abc123
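
An added example, not part of the thread and not Cisco tooling: a small Python check that scans IOS tunnel stanzas for the points raised in the replies above (a keepalive on a DMVPN tunnel, an NHRP holdtime in the 300 to 600 second range, NHRP authentication). The function names and finding strings are hypothetical, and treating any interface that carries `ip nhrp` commands as a DMVPN tunnel is an assumption.

```python
import re

# Constructed sample: trimmed from the spoke tunnel stanza posted in the question.
SPOKE_CONFIG = """\
interface Tunnel20
 ip nhrp map 1.1.1.1 192.129.155.9
 ip nhrp network-id 2
 ip nhrp nhs 1.1.1.1
 tunnel destination 192.129.155.9
 tunnel protection ipsec profile test
 keepalive 10 5
end
"""

def parse_interfaces(text):
    """Map each interface name to the commands in its stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line in ("end", "!"):
            current = None          # stanza closed
        elif line and current is not None:
            current.append(line)    # blank lines are skipped
    return stanzas

def audit_dmvpn(text):
    """Return {interface: [findings]} for tunnels that carry NHRP config."""
    report = {}
    for name, cmds in parse_interfaces(text).items():
        if not any(c.startswith("ip nhrp ") for c in cmds):
            continue                # assumption: no NHRP means not a DMVPN tunnel
        findings = []
        if any(re.match(r"keepalive\b", c) for c in cmds):
            findings.append("keepalive configured")
        if not any(c.startswith("ip nhrp authentication ") for c in cmds):
            findings.append("no NHRP authentication")
        hold = [int(c.split()[-1]) for c in cmds
                if re.fullmatch(r"ip nhrp holdtime \d+", c)]
        if not hold:
            findings.append("no NHRP holdtime")
        elif not 300 <= hold[-1] <= 600:
            findings.append("NHRP holdtime outside 300-600")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_dmvpn(SPOKE_CONFIG))
```

Feeding it a full `show running-config` works the same way, since non-tunnel interfaces without NHRP commands are skipped.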
