×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

problem vpn "tunnel is not up"

Unanswered Question
Feb 18th, 2014
User Badges:

hi all ,


please i have a problem in my router cisco2901 the tunnel is not set betwen router mlps and router dmvpn 




Here is the configuration on the router DMVPN



hostname RT_BMCI_

!

boot-start-marker

boot system flash:c2900-universalk9-mz.SPA.150-1.M7.bin

boot-end-marker

!

enable secret 5 $1$..zF$.jJDav4YAlITDqs3p/XFA.

!

no aaa new-model

!

!

!

-!

no ipv6 cef

no ip source-route

ip cef

!

!

ip vrf F-VRF

rd 65000:1

!

!

!

no ip domain lookup

ip domain name ma.net.intra

!

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

license udi pid CISCO2901/K9 sn FCZ171391DH

!

!

username local password 7 082D434D0815

username bmci password 0 bmci

!

redundancy

!

!

!

crypto keyring F-VRF_KEYRING vrf F-VRF

  description clef pour vrf F-VRF

  pre-shared-key address 10.74.164.2 key dmbmcivpn

  pre-shared-key address 10.74.164.3 key dmbmcivpn

!

crypto isakmp policy 1

encr aes 192

authentication pre-share

group 2

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 10 periodic

!

crypto ipsec security-association replay window-size 1024

!

crypto ipsec transform-set F-VRF_TSET esp-aes 192 esp-md5-hmac

mode transport

!

crypto ipsec profile F-VRF_PROFILE

set transform-set F-VRF_TSET

!

!

!

!

!

!

interface Loopback0

ip address 10.74.249.15 255.255.255.255

!

!

interface Loopback10

description loopback src des tunnels

ip vrf forwarding F-VRF

ip address 10.74.165.15 255.255.255.255

!

!

interface Tunnel100

description tunnel dmvpn

dampening

bandwidth 2048

-ip address 10.74.161.6 255.255.252.0

no ip redirects

ip mtu 1400

ip nhrp authentication PASS-1

ip nhrp map multicast dynamic

ip nhrp map multicast 10.74.164.3

ip nhrp map 10.74.160.3 10.74.164.3

ip nhrp map multicast 10.74.164.2

ip nhrp map 10.74.160.2 10.74.164.2

ip nhrp network-id 1

ip nhrp nhs 10.74.160.2

ip nhrp nhs 10.74.160.3

ip nhrp registration no-unique

ip nhrp registration timeout 120

ip tcp adjust-mss 1360

no ip split-horizon

load-interval 30

qos pre-classify

cdp enable

tunnel source Loopback10

tunnel mode gre multipoint

tunnel key 0

tunnel vrf F-VRF

tunnel protection ipsec profile F-VRF_PROFILE shared

!

!

interface GigabitEthernet0/0

ip address 10.74.146.150 255.255.255.224

ip helper-address 10.74.240.113

ip helper-address 10.74.240.121

duplex auto

speed auto

!

!

interface GigabitEthernet0/1

description ### Connected to Maroc Telecom ###

ip address 10.74.152.219 255.255.255.254

ip access-group 150 in

duplex auto

speed auto

no cdp enable

!

!

!

router eigrp 4

!

-address-family ipv4 vrf F-VRF

  network 10.74.0.0 0.0.255.255

  passive-interface default

  autonomous-system 4

  eigrp router-id 10.74.165.15

exit-address-family

network 10.74.0.0 0.0.255.255

passive-interface default

no passive-interface Tunnel100

eigrp router-id 10.74.249.15

eigrp stub connected

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 10.74.0.0 255.255.0.0 GigabitEthernet0/1

!

access-list 150 remark *** Autorisation du traffic EIGRP ***

access-list 150 permit eigrp 10.74.0.0 0.0.255.255 any

access-list 150 remark *** Autorisation du traffic entrant ISAKMP et ESP ***

access-list 150 permit udp any 10.74.0.0 0.0.255.255 eq isakmp

access-list 150 permit esp any 10.74.0.0 0.0.255.255

access-list 150 remark *** Autorisation du traffic ping, Telnet et Ssh ***

access-list 150 permit icmp 10.74.0.0 0.0.255.255 10.74.0.0 0.0.255.255 echo-reply

access-list 150 permit icmp 10.74.0.0 0.0.255.255 10.74.0.0 0.0.255.255 echo

access-list 150 permit tcp 10.74.0.0 0.0.255.255 10.74.0.0 0.0.255.255 eq telnet

access-list 150 permit tcp 10.74.0.0 0.0.255.255 10.74.0.0 0.0.255.255 eq 22

access-list 150 remark *** Autorisation du traffic inter loopback ***

access-list 150 permit ip 10.74.164.0 0.0.3.255 10.74.164.0 0.0.3.255

access-list 150 remark *** GRE point a point avec l.autre hub ***

access-list 150 permit gre host 10.74.250.10 host 10.74.250.9

access-list 150 permit gre host 10.74.250.9 host 10.74.250.10

access-list 150 remark *** Allow SSH traffic inbound ***

access-list 150 permit 22 host 10.74.164.2 10.74.0.0 0.0.255.255

access-list 150 permit 22 host 10.74.164.3 10.74.0.0 0.0.255.255

!

!


snmp-server host 10.74.0.105 bmciro

!


!

line con 0

line aux 0

line vty 0 4

exec-timeout 0 0

password 7 110B14061E

login

transport input ssh

line vty 5 15

exec-timeout 0 0

password 7 094E430A10

login

transport input telnet

!

scheduler allocate 20000 1000



RT_BMCI_#sh dmvpn detail

Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

        N - NATed, L - Local, X - No Socket

        # Ent --> Number of NHRP entries with same NBMA peer

        NHS Status: E --> Expecting Replies, R --> Responding

        UpDn Time --> Up or Down Time for a Tunnel

==========================================================================


Interface Tunnel100 is up/up, Addr. is 10.74.161.6, VRF ""

   Tunnel Src./Dest. addr: 10.74.165.15/MGRE, Tunnel VRF "F-VRF"

   Protocol/Transport: "multi-GRE/IP", Protect "F-VRF_PROFILE"

   Interface State Control: Disabled

IPv4 Registration Timer: 120 seconds


IPv4 NHS: 10.74.160.2  E

10.74.160.3  E

Type:Spoke, Total NBMA Peers (v4/v6): 2


# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1    10.74.164.2     10.74.160.2   IKE 01:48:03    S     10.74.160.2/32


    1    10.74.164.3     10.74.160.3  NHRP 01:48:03    S     10.74.160.3/32




Crypto Session Details:

--------------------------------------------------------------------------------


Interface: Tunnel100

Session: [0x3121B7E4]

  Crypto Session Status: DOWN

  fvrf: F-VRF,    IPSEC FLOW: permit 47 host 10.74.165.15 host 10.74.164.2

        Active SAs: 0, origin: crypto map

        Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0

        Outbound: #pkts enc'ed 0 drop 1020 life (KB/Sec) 0/0

   Outbound SPI : 0x       0, transform :

    Socket State: Closed


Interface: Tunnel100

Session: [0x3121B6F4]

  Crypto Session Status: DOWN

  fvrf: F-VRF,    IPSEC FLOW: permit 47 host 10.74.165.15 host 10.74.164.3

        Active SAs: 0, origin: crypto map

        Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0

        Outbound: #pkts enc'ed 0 drop 1009 life (KB/Sec) 0/0

   Outbound SPI : 0x       0, transform :

    Socket State: Closed


Pending DMVPN Sessions:


Interface: Tunnel100



Interface: Tunnel100



RT_BMCI_#sh ip nhrp

10.74.160.2/32 via 10.74.160.2

   Tunnel100 created 01:49:19, never expire

   Type: static, Flags: used

   NBMA address: 10.74.164.2

10.74.160.3/32 via 10.74.160.3

   Tunnel100 created 01:49:19, never expire

   Type: static, Flags: used

   NBMA address: 10.74.164.3




please can anybody help me


and thank you all

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion