cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1284
Views
0
Helpful
9
Replies

problem with mgre nhrp

MARCELO MATURO
Level 1
Level 1

I'm trying to set up a gre tunnel between a spoke router with dynamic ip, and a hub router with fixed ip. And it doesn't work.I am using a loopback interface of de hub router as the destination tunnel ip in the spoke router. May be the problem that no use an ip of phisical interface?

Thanks.

2 Accepted Solutions

Accepted Solutions

As mentioned, I have DMVPN without tunnel protection, works fine.

View solution in original post

IPsec supports dynamic peers, it's all in the documentation.

We also used EzVPN, that works better in presence of NAT.

View solution in original post

9 Replies 9

paolo bevilacqua
Hall of Fame
Hall of Fame

For that to work, you need to configure IPsec first, in practice it's a DMVPN setup.

I did this. The configurations are:

hub:

interface Tunnel100

description Tunel a router 3G

ip address 77.6.248.30 255.255.255.252

no ip redirects

ip nhrp authentication test

ip nhrp map multicast dynamic

ip nhrp network-id 100000

ip nhrp holdtime 600

ip tcp adjust-mss 1260

tunnel source loopback10

tunnel mode gre multipoint

tunnel key 10000

tunnel protection ipsec profile 3G

spoke:

interface Tunnel100

ip address 77.6.248.29 255.255.255.252

ip nhrp authentication test

ip nhrp map 77.6.248.30 192.168.35.113

ip nhrp map multicast 192.168.35.113

ip nhrp network-id 100000

ip nhrp holdtime 300

ip nhrp nhs 77.6.248.30

ip tcp adjust-mss 1260

tunnel source Cellular0/2/0

tunnel destination 192.168.35.113

tunnel key 10000

The ipsec is up. There is an isamkp SA established.

Thanks.

Check that you can ping between the tunnel source and destination.

Then, a /30 mask seem from for multipoint tunnel.

Also, I would not use tunnel protection, configure ipsec independently.

The ping is ok in both sides. I modified de mask in the hub, but it doesn't work.

Thanks.

As mentioned, I have DMVPN without tunnel protection, works fine.

I do this. It works ok without encription, only mgre+nhrp. I found a new problem. How to create the crypto maps unknowing the remote address (the spoke is a dynamic ip).

Thanks

Marcelo

IPsec supports dynamic peers, it's all in the documentation.

We also used EzVPN, that works better in presence of NAT.

Thanks. Now is working ok.

Marcelo

Very good, thanks for the nice rating and good luck!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: