Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
0
Helpful
2
Replies

Spoke1 Network to Spoke2 Network slow

Go to solution
brinkeja151
Level 1
Level 1

‎02-16-2010 02:42 PM

DMVPN configuration.

Devices from Hub LAN to Spoke LAN ping times 60ms.

Devices from Spoke1 LAN to Spoke2 LAN ping times 110ms to 1000ms.

When I ping the mGRE addresses of the routers. I can ping at 30-45ms unless I ping the routers own IP address, then it responds at a 90ms response. Meaning:

Spoke1 to Spoke2 = 40ms

Spoke1 to Hub = 35ms

Spoke2 to Hub = 35ms

Spoke1 to self = 90ms

Spoke2 to self = 90ms

HUB config:

crypto keyring Cisco

pre-shared-key address 0.0.0.0 0.0.0.0 key KeyA

!

crypto ipsec transform-set ESP-3DES-SHA13 esp-3des esp-sha-hmac

mode transport

!

crypto isakmp profile Cisco

keyring Cisco

match identity address 0.0.0.0

!

crypto ipsec profile CISCO

set transform-set ESP-3DES-SHA13

set isakmp-profile Cisco

!

interface Tunnel0

description HUB

bandwidth 4000

ip address 10.151.151.1 255.255.255.248

no ip redirects

ip mtu 1416

ip nhrp authentication Cisco

ip nhrp map multicast dynamic

ip nhrp network-id 100000

ip nhrp holdtime 360

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile CISCO

!

interface GigabitEthernet0/0

description HUB

bandwidth inherit

ip address A.A.A.A 255.255.255.252

ip verify unicast reverse-path

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed 100

media-type rj45

negotiation auto

!

router eigrp 1

network 10.3.3.0 0.0.0.255

network 10.150.150.0 0.0.0.255

network 10.151.151.0 0.0.0.7

network 192.168.27.0

no auto-summary

SPOKE1 config:

crypto isakmp key KeyA address 0.0.0.0 0.0.0.0

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

mode transport

!

crypto ipsec profile CISCO

set transform-set ESP-3DES-SHA

!

interface Tunnel0

description SPOKE1

bandwidth 4000

ip address 10.151.151.2 255.255.255.248

no ip redirects

ip mtu 1416

no ip next-hop-self eigrp 1

ip nhrp authentication Cisco

ip nhrp map 10.151.151.1 A.A.A.A

ip nhrp map multicast A.A.A.A

ip nhrp network-id 100000

ip nhrp holdtime 360

ip nhrp nhs 10.151.151.1

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

tunnel source GigabitEthernet0/1

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile CISCO

!

interface GigabitEthernet0/1

description SPOKE1

ip address B.B.B.B 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

media-type rj45

!

router eigrp 1

network 10.148.27.0 0.0.0.255

network 10.148.148.0 0.0.0.255

network 10.151.151.0 0.0.0.7

no auto-summary

SPOKE2 config:

crypto isakmp key KeyA address 0.0.0.0 0.0.0.0

!

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

mode transport

!

crypto ipsec profile CISCO

set transform-set ESP-3DES-SHA1

!

interface Tunnel0

description SPOKE2

bandwidth 4000

ip address 10.151.151.3 255.255.255.248

no ip redirects

ip mtu 1416

no ip next-hop-self eigrp 1

ip nhrp authentication Rentsys

ip nhrp map multicast A.A.A.A

ip nhrp map 10.151.151.1 A.A.A.A

ip nhrp network-id 100000

ip nhrp holdtime 360

ip nhrp nhs 10.151.151.1

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

tunnel source GigabitEthernet0/1

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile CISCO

!

interface GigabitEthernet0/1

description SPOKE2

ip address C.C.C.C 255.255.255.252

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex full

speed 100

media-type rj45

!

router eigrp 1

passive-interface default

no passive-interface Tunnel0

network 10.149.149.0 0.0.0.255

network 10.151.151.0 0.0.0.7

no auto-summary

I did a trace on a device on Spoke network 1 to a device on Spoke network 2. I noticed that the trace route goes through the mGRE and hops to the HUB GRE tunnel address. Is this the correct reflex for this configuration?

1 10.148.148.1 0 msec 0 msec 0 msec (internal address of Spoke 1 router)
2 10.151.151.1 50 msec 50 msec 51 msec (GRE "outside" address of HUB)
3 10.151.151.3 109 msec 109 msec 109 msec (GRE "outside" address of Spoke 2 router)
4 10.149.149.254 109 msec * 109 msec (Device on Spoke 2 router)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎02-16-2010 04:24 PM

Hi,

Spoke1 should send out a NHRP request to HUB, and HUB reply with spoke2's mapping; after that spoke should build a spoke to spoke tunnel, and traffic from spoke to spoke should use that tunnel.

Do you have "no ip next-hop-self eigrp 1" configured under your hub tunnel interface?

If your IOS is 12.4(6)T or higher, you can consider use dmvpn phase 3.

HTH,

Lei Tian

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎02-16-2010 04:24 PM

Hi,

Spoke1 should send out a NHRP request to HUB, and HUB reply with spoke2's mapping; after that spoke should build a spoke to spoke tunnel, and traffic from spoke to spoke should use that tunnel.

Do you have "no ip next-hop-self eigrp 1" configured under your hub tunnel interface?

If your IOS is 12.4(6)T or higher, you can consider use dmvpn phase 3.

HTH,

Lei Tian

0 Helpful

Go to solution
brinkeja151
Level 1
Level 1
In response to Lei Tian

‎02-17-2010 07:58 AM

Lei,

That was the issue.  I looked through that config about a thousand times and just missed that command.

Thanks for you help!

Jason

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents