Solved: DMVPN routing is not working correctly

Erik Jacobsen · ‎03-25-2010

Hi,

I have a issue where the packets are not following the routing table.

Oslo router ----------- Trondheim router

l l

Denmark main site router

If the traffic want to reach 10.47.3.x in from OSLO to Trondheim, then the traffic is going over the router in Denmark every time.

I have attach the configuration and sh ip route from the router in OSLO.

We have a lot of other routers in the network and they are working fine, it is only this one. We have also tried to change the router, but it is the same problem.

So it must be some configuration thing.

Hope someone can find the fault.

Laurent Aubert · ‎03-26-2010

Hi,

Based on this doc:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/dmvpn_dt_spokes_b_nat.html

It seems you don't support this feature (you need 12.4(15)T min on all your spokes)

HTH

Laurent.

View solution in original post

Laurent Aubert · ‎03-25-2010

Hi,

Has Oslo the right NHRP entry for 10.45.2.9 ? If yes is it able to build the IPSec tunnel ?

HTH

Laurent.

Erik Jacobsen · ‎03-26-2010

We have found the reason:

10.45.2.10/32 via 10.45.2.10, Tunnel0 created 2d12h, expire 00:59:38

Type: dynamic, Flags: authoritative unique registered

NBMA address: 193.213.39.175

(Claimed NBMA address: 192.168.1.37)

Because the router in OSLO is sitting on a ADSL line, where it is getting a internal IP from the ISP 192.168.1.37, then hub to hub is not working, only to the central site.

so what workaround can I do here? so it is possible the go true the nat from the ISP, or is it not posible?

Jonn cos · ‎03-26-2010

Dear Erik,

If a router tries to register with a different IP for which hub already has a nhrp cache entry, then usually there is a syslog msg stating this behavior. Are you getting any notifications on your syslog/console ?

Erik Jacobsen · ‎03-26-2010

I have not could find any logs in any of the routers, there would show me any problem.

Erik

Laurent Aubert · ‎03-26-2010

Hi,

Based on this doc:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/dmvpn_dt_spokes_b_nat.html

It seems you don't support this feature (you need 12.4(15)T min on all your spokes)

HTH

Laurent.

Erik Jacobsen · ‎04-06-2010

Hi,

Both spokes are running 12.4.24T, so this should not be the issue.

But I can see the central router is running 12.2.23, so maybe this is the issue?

Laurent Aubert · ‎04-06-2010

It makes sense.

Laurent.

Erik Jacobsen · ‎04-16-2010

Thanks Laurent,

After the upgrade of the central unit, then the feature with NAT from SPOKE to SPOKE worked like a charm..

The same time our 2 routers in OSLO went down, why I don't know, but one went into Rommon mode, and the flash is gone, and the other router was totally dead.....

So our office was down over a weekend, but then we got hold on a 3rd router, this time a 1812W and this works like a charm.

So we was just a bit unlucky with the hardware the same time. :-)

Hope to see you at the networkers in Las Vegas.

Best regards,

Erik Jacobsen

Denmark