Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1604
Views
0
Helpful
4
Replies

PROBLEM WHIT DMVPN PHASE 3

Acruzgreg
Level 1
Level 1

‎06-10-2010 11:28 AM - edited ‎02-21-2020 04:41 PM

Hello

I have a problem whit dmvpn its is configured in Hub router 2800 and 2 spoke router 880

they have configured the routing protocol eigrp,  the vpn is stablished  in the spoke to hub,

I can ping the spoke-to-spoke the traffic is routed at hub and not comunicate directly spoke to spoke

can you help me

Labels:
0 Helpful
4 Replies 4

edadios
Cisco Employee
Cisco Employee

‎06-10-2010 07:50 PM

The sample document here, shows how dmvpn may be configured with eigrp

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftgreips.html#wp1065179

The main point you can see for eigrp are the following :

! Turns off split horizon on the mGRE tunnel interface; otherwise, EIGRP will not 
advertise routes that are learned via the mGRE interface back out that interface.
 no ip split-horizon eigrp 1

! Enables dynamic, direct spoke-to-spoke tunnels when using EIGRP.
 no ip next-hop-self eigrp 1


If you already have this and need further help, you will need to paste the configurations you have for the spokes and hub, and outputs for
"sh ip nhrp" from the routers for a start.

Regards,


0 Helpful

Acruzgreg
Level 1
Level 1
In response to edadios

‎06-11-2010 10:01 AM

hello

this is the configuration

HUB_DMVPN#sh ip nhrp

172.17.17.1/32 via 172.17.17.1

   Tunnel0 created 00:01:20, expire 00:07:13

   Type: dynamic, Flags: registered

   NBMA address: 201.153.x.x

172.17.17.252/32 via 172.17.17.252

   Tunnel0 created 00:01:27, expire 00:06:02

   Type: dynamic, Flags: registered

   NBMA address: 10.11.10.1

HUB_DMVPN#

HUB_DMVPN#sh run inter tun 0

Building configuration...

Current configuration : 539 bytes

!

interface Tunnel0

ip address 172.17.17.254 255.255.255.0

no ip redirects

ip mtu 1450

ip hold-time eigrp 666 35

no ip next-hop-self eigrp 666

ip nhrp authentication J0

ip nhrp map multicast dynamic

ip nhrp network-id 123

ip nhrp holdtime 450

ip nhrp server-only

ip nhrp shortcut

ip nhrp redirect

ip virtual-reassembly

no ip route-cache cef

ip tcp adjust-mss 1400

no ip split-horizon eigrp 666

tunnel source FastEthernet0/1

tunnel mode gre multipoint

tunnel key 2010

tunnel protection ipsec profile DMVPNJOY

end

HUB_DMVPN#

--------------------------------------------------

spoke2#sh ip nhrp

172.17.17.254/32 via 172.17.17.254

   Tunnel0 created 00:30:43, never expire

   Type: static, Flags: used

   NBMA address:200.151.x.x

spoke2#

spoke2#sh run inter tun 0

Building configuration...

Current configuration : 546 bytes

!

interface Tunnel0

ip address 172.17.17.1 255.255.255.0

no ip redirects

ip mtu 1450

ip hold-time eigrp 666 35

no ip next-hop-self eigrp 666

ip nhrp authentication J0

ip nhrp map multicast 201.151.x.x

ip nhrp map 172.17.17.254 201.151.x.x

ip nhrp network-id 123

ip nhrp holdtime 450

ip nhrp nhs 172.17.17.254

ip nhrp registration no-unique

ip nhrp shortcut

no ip route-cache cef

ip tcp adjust-mss 1400

tunnel source Dialer0

tunnel mode gre multipoint

tunnel key 2010

tunnel protection ipsec profile DMVPNJOY

end

spoke2#

-----------------------------------------------------

spoke1#sh ip nhrp

172.17.17.254/32 via 172.17.17.254

   Tunnel0 created 00:30:25, never expire

   Type: static, Flags: used

   NBMA address: 201.151.x.x

spoke1#

spoke1#sh run inter tun 0

Building configuration...

Current configuration : 546 bytes

!

interface Tunnel0

ip address 172.17.17.252 255.255.255.0

no ip redirects

ip mtu 1450

ip hold-time eigrp 666 35

no ip next-hop-self eigrp 666

ip nhrp authentication J0

ip nhrp map 172.17.17.254 201.x.x

ip nhrp map multicast 201.151.x.x

ip nhrp network-id 123

ip nhrp holdtime 450

ip nhrp nhs 172.17.17.254

ip nhrp registration no-unique

ip nhrp shortcut

no ip route-cache cef

ip tcp adjust-mss 1400

tunnel source Vlan1

tunnel mode gre multipoint

tunnel key 2010

tunnel protection ipsec profile DMVPNJOY

end     

spoke1#

thist is the messaje that appear when I disable and enable the tunnel in the HUB

Jun 11 17:15:01.807: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 172.17.17.252 6734DE40 - looped chain attempting to stack

regards
0 Helpful

edadios
Cisco Employee
Cisco Employee
In response to Acruzgreg

‎06-12-2010 01:10 AM

You should not be disabling the tunnnel on the hub. The spoke needs the hub for the nhrp.

Can you show the eigrp router config, and also the interfaces configured on each router.

Do ping between spokes, and do show cry ipsec sa for all device. After pinging from spoke to spoke, also do another sh ip nhrp map.

Regards,

0 Helpful

Acruzgreg
Level 1
Level 1
In response to edadios

‎06-14-2010 07:55 AM

hello

here is the config of te eigrp and the shows for nhrp and ipsec sa

regards

67762-shows_routers.txt.zip
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents