DM VPN Tunnel issue

Unanswered Question
Aug 4th, 2011

ISSUE: eigrp neighborship is flapping between DM VPN Spoke ( and Hub router ( I need your inputs in troubleshooting this.

Please let me know if you need more details

The tunnel state is up and up .

Crypto isakmp state is QM_IDLE.


%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Tunnel1) is down: Peer goodbye received
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Tunnel1) is up: new adjacency
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Tunnel1) is down: Peer goodbye received
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Tunnel1) is up: new adjacency
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel1, addr 841471C0 - looped chain attempting to stack
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Tunnel1) is down: holding time expired

on, the tunnel config is 

interface Tunnel1

ip address

no ip redirects

ip mtu 1400

ip nhrp authentication 111

ip nhrp map multicast dynamic

ip nhrp map

ip nhrp map multicast

ip nhrp network-id 101

ip nhrp nhs

ip nhrp cache non-authoritative

ip summary-address eigrp 1 5

tunnel source FastEthernet4

tunnel mode gre multipoint

tunnel key 111

tunnel protection ipsec profile ocbackupvpn shared


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
plumbis Thu, 08/11/2011 - 12:54

Sounds like you might have packet loss.

Goodbye received indicates the neighbor declared us down. What does the other side of the tunnel see?

Are you seeing Input Queue drops or high CPU? These could be symptoms of overutilization on the device.

Finally you haven't set the bandwidth on the tunnel interface here, meaning that EIGRP thinks it can only use 50% of 4kb for packets. I'm assuming your physical connectivity is greater than 8kbps. I would suggest increasing the "eigrp bandwidth-percent" command to something over 100% so that it is equal to 50% of your physical or increase the tunnel bandwidth to match the physical CIR.

Vinayaka Raman Thu, 08/11/2011 - 13:09

Thanks for your reply. I did work with a CISCO TAC to resolve this issue. Please find the details :


DMVPN spoke tunnel is up but eigrp is flapping continuously.

Error Message:

*Mar  7 13:47:17.766: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel1, addr 8409AC00 - looped chain attempting to stack


Loss of packets:

TIFFABWBR1#ping source fa4 repeat 1000

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of













Success rate is 96 percent (812/840), round-trip min/avg/max = 1/1/20 ms


Please note during the packet loss, the eigrp neighborship is up.

Troubleshooting steps:

  • Worked with AT&T to find out if this is an ISP issue. Replaced the cable between router and the modem. NO LUCK.

  • Worked with Cisco and identified there is a routing loop with the help of debug outputs (attached). Implemented an inbound distribute list (attached) on Tiffin backup router to filter out the duplicate routes and tunnel came up.


  • The ip address for fa 4 interface of TIFFABWBR1 is

  • We have a static route pointing on GRV hub router towards Tiffin.

GRVVPNCR2#show run | i

ip route


  • This same route is being redistributed on HUB and advertised to spoke router which has caused this issue.

             router eigrp 1

timers active-time 30

redistribute static metric 500 50 100 100 1500 route-map blockdefaultroute



            distribute-list 1 out Tunnel2

distance eigrp 210 171

no auto-summary


The cisco TAC recommends NO to redistribute the static routes on the GRV hub router unless we have a specific design consideration.


This Discussion

Related Content