Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
5
Replies

DMVPN with EIGRP routing issue

pkpatel
Level 1
Level 1

‎08-17-2010 08:01 PM - edited ‎03-04-2019 09:27 AM

Hello,

We have DMVPN in hub-n-spoke model.  Hub has redundant Internet connections, a T1 and cable.  Some of the remotes also have redundant Internet access, a primary and backup.

Tunnel 10 on hub and spokes is used for back up.  Tunnel 20 is used as primary.  Spoke are configured to prefere routes they learned from tunnel 20.  When tunnel 20 is up on both sides, all works well.

however, when we take down tunnel 20 on a spoke, I see NHRP, NHS, and EIGRP relationship as they should be.   Routing table on the spoke is populated using routes learned over tunnel 10 and routing between two routers, hub and spoke, is in place.

Each router has a switch connected.  Problem is we can no loger get to far end switch over tunnel 10.  debugging shows that switch connected to hub router receives and replies to pings from switch at spoke site, but the replies do not make their way back.  Echo-replies are forwarded from hub switch to hub router but they never make it way back to spoke switch.

Any ideas?

Thanks,

Paresh.

Labels:
0 Helpful
5 Replies 5

Lei Tian
Cisco Employee
Cisco Employee

‎08-17-2010 08:26 PM

Hi Paresh,

Does the hub side learn spoke's network via tunnel 10 after shut down spoke's tunnel 20?

HTH,

Lei Tian

0 Helpful

pkpatel
Level 1
Level 1
In response to Lei Tian

‎08-17-2010 08:28 PM

Hi Lei Tian,

Yes hub does learn routes to spoke over tunnel 10.

Thanks,

Paresh.

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to pkpatel

‎08-17-2010 08:40 PM

Then spoke router should be able to receive it via tunnel 10. Will it work if you ping from the spoke router and source from the interface connecting the switch? Do you see any problem with the number of packets been encrypt and decrypt?

HTH,

Lei Tian

0 Helpful

pkpatel
Level 1
Level 1
In response to Lei Tian

‎08-18-2010 08:39 AM

Hello Lei Tian,

IPSec does not drop any packets either. When I ping from remote switch or interface on spoke router that connects to switch, I can ping hub router and hub router's interfaces that connect to hub switch.

Thanks,

Paresh.

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to pkpatel

‎08-18-2010 09:13 AM

Hi Paresh,

To make it eaiser, let's draw a simple diagram.So, you are able to ping 2.2.2.1 from 1.1.1.1, but not 2.2.2.2 from 1.1.1.1? Can you post the output of "show ip route" and "show cry ipsec sa" from hub router?

  hub_sw

  (2.2.2.2)

        |

        |

  (2.2.2.1)

hub_router

        |

        |

   Internet

        |

        |

Spoke_router

  (1.1.1.1)

       |

       |

(1.1.1.2)

Spoke_sw

HTH,

Lei Tian

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card