07-14-2009 09:51 AM - edited 03-04-2019 05:25 AM
Hi,
There are 3 weeks ago since we switched the WAN Links of our Data Network to DMVPN technology.
There is a HUB 3845 router in HQ and 2811 ISRs in all other 19 Branches. The 3845 router is connected to ISP MPLS cloud through 2 primary E1 lines and a secondary 24 Mbps ADSL line . Every branch router is connected to ISP MPLS cloud through a primary leased line and a secondary 2 Mbps ADSL.
There are 4 DMVPN Tunnels. Tunnel1 over the branch leased line to HUB E1. Tunnel2 over the branch ADSL line to HUB E1. Tunnel 5 over the branch leased line to HUB ADSL line and Tunnel 6 over the branch ADSL line to HUB ADSL line. EIGRP run in the whole network with default timers.
Everything seems work fine, but I have noticed the log messages bellow:
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=192.168.192.30,dstadr=192.168.192.1,size=768,handle=0x6071
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=192.168.192.19,dstadr=192.168.192.1,size=144,handle=0x67C1
I have also noticed the log messages from the deny entries from router WAN Access-lists related to fragmentation:
%SEC-6-IPACCESSLOGDP: list WAN denied icmp 10.195.35.70 -> 192.168.192.1 (11/1), 17 packets
%SEC-6-IPACCESSLOGDP: list WAN denied icmp 10.195.35.50 -> 192.168.192.1 (11/1), 1 packet
%SEC-6-IPACCESSLOGDP: list WAN denied icmp 10.195.35.30 -> 192.168.192.1 (11/1), 1 packet
%SEC-6-IPACCESSLOGDP: list WAN denied icmp 10.195.35.74 -> 192.168.192.1 (11/1), 1 packet
At the end, several times every day the EIGRP Adjacency in Tunnel1 & 5 is flapping without any specific reason.
In the 10.195.35.0 subnet belong the WAN links and in the subnet 192.168.192.0 belong the Tunnel1 IP Addresses.
Could anybody please write if there is any issue related to these log messages and to EIGRP behavior.
Thanks in advance!
07-14-2009 10:53 PM
07-15-2009 05:07 AM
Hello John,
your configurations look like fine.
I've searched bug toolkit and there are several bugs for DMVPN in 12.4(22)T like
CSCsv43385
and others
I would give a try to another release on the hub router:
tunnel1 and tunnel5 are related to the same hub router.
An idea could be also to try a release like 12.4(15)T9 and one as 12.4.(22)Tx
x>1
Hope to help
Giuseppe
07-15-2009 09:45 PM
Hi Giuseppe,
I think you have right. I checked the Tunnel Interfaces in every branch router and there is no any dropped packet in contrast with Tunnels in Hub router which have some dropped packets. I will proceed with an IOS upgrade in 3845 router and I will let you know for the results.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide