06-10-2010 11:28 AM - edited 02-21-2020 04:41 PM
Hello
I have a problem whit dmvpn its is configured in Hub router 2800 and 2 spoke router 880
they have configured the routing protocol eigrp, the vpn is stablished in the spoke to hub,
I can ping the spoke-to-spoke the traffic is routed at hub and not comunicate directly spoke to spoke
can you help me
06-10-2010 07:50 PM
The sample document here, shows how dmvpn may be configured with eigrp
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftgreips.html#wp1065179
The main point you can see for eigrp are the following :
! Turns off split horizon on the mGRE tunnel interface; otherwise, EIGRP will not
advertise routes that are learned via the mGRE interface back out that interface.
no ip split-horizon eigrp 1
! Enables dynamic, direct spoke-to-spoke tunnels when using EIGRP.
no ip next-hop-self eigrp 1
If you already have this and need further help, you will need to paste the configurations you have for the spokes and hub, and outputs for
"sh ip nhrp" from the routers for a start.
Regards,
06-11-2010 10:01 AM
hello
this is the configuration
HUB_DMVPN#sh ip nhrp
172.17.17.1/32 via 172.17.17.1
Tunnel0 created 00:01:20, expire 00:07:13
Type: dynamic, Flags: registered
NBMA address: 201.153.x.x
172.17.17.252/32 via 172.17.17.252
Tunnel0 created 00:01:27, expire 00:06:02
Type: dynamic, Flags: registered
NBMA address: 10.11.10.1
HUB_DMVPN#
HUB_DMVPN#sh run inter tun 0
Building configuration...
Current configuration : 539 bytes
!
interface Tunnel0
ip address 172.17.17.254 255.255.255.0
no ip redirects
ip mtu 1450
ip hold-time eigrp 666 35
no ip next-hop-self eigrp 666
ip nhrp authentication J0
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip nhrp holdtime 450
ip nhrp server-only
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly
no ip route-cache cef
ip tcp adjust-mss 1400
no ip split-horizon eigrp 666
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 2010
tunnel protection ipsec profile DMVPNJOY
end
HUB_DMVPN#
--------------------------------------------------
spoke2#sh ip nhrp
172.17.17.254/32 via 172.17.17.254
Tunnel0 created 00:30:43, never expire
Type: static, Flags: used
NBMA address:200.151.x.x
spoke2#
spoke2#sh run inter tun 0
Building configuration...
Current configuration : 546 bytes
!
interface Tunnel0
ip address 172.17.17.1 255.255.255.0
no ip redirects
ip mtu 1450
ip hold-time eigrp 666 35
no ip next-hop-self eigrp 666
ip nhrp authentication J0
ip nhrp map multicast 201.151.x.x
ip nhrp map 172.17.17.254 201.151.x.x
ip nhrp network-id 123
ip nhrp holdtime 450
ip nhrp nhs 172.17.17.254
ip nhrp registration no-unique
ip nhrp shortcut
no ip route-cache cef
ip tcp adjust-mss 1400
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 2010
tunnel protection ipsec profile DMVPNJOY
end
spoke2#
-----------------------------------------------------
spoke1#sh ip nhrp
172.17.17.254/32 via 172.17.17.254
Tunnel0 created 00:30:25, never expire
Type: static, Flags: used
NBMA address: 201.151.x.x
spoke1#
spoke1#sh run inter tun 0
Building configuration...
Current configuration : 546 bytes
!
interface Tunnel0
ip address 172.17.17.252 255.255.255.0
no ip redirects
ip mtu 1450
ip hold-time eigrp 666 35
no ip next-hop-self eigrp 666
ip nhrp authentication J0
ip nhrp map 172.17.17.254 201.x.x
ip nhrp map multicast 201.151.x.x
ip nhrp network-id 123
ip nhrp holdtime 450
ip nhrp nhs 172.17.17.254
ip nhrp registration no-unique
ip nhrp shortcut
no ip route-cache cef
ip tcp adjust-mss 1400
tunnel source Vlan1
tunnel mode gre multipoint
tunnel key 2010
tunnel protection ipsec profile DMVPNJOY
end
spoke1#
thist is the messaje that appear when I disable and enable the tunnel in the HUB
Jun 11 17:15:01.807: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 172.17.17.252 6734DE40 - looped chain attempting to stack
06-12-2010 01:10 AM
You should not be disabling the tunnnel on the hub. The spoke needs the hub for the nhrp.
Can you show the eigrp router config, and also the interfaces configured on each router.
Do ping between spokes, and do show cry ipsec sa for all device. After pinging from spoke to spoke, also do another sh ip nhrp map.
Regards,
06-14-2010 07:55 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide