DMVPN Cloud

Answered Question
Jul 11th, 2014

Hi,

I created a DMVPN cloud with 1 hub and 5 spokes; the main purpose of the VPN is a centralised voice deployment. Now all the spokes are up and connecting fine, I can see all the phones in the different sites and even browse to the phone webpages.

The problem I am having is that at two of the sites the phones registered with CUCM, but at the other sites, even though I can see the phones, they won't register to CUCM. See a copy of my config below; I use static routes as the routing protocol.

++++++++++++
HUB
++++++++++++

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
crypto isakmp xauth timeout 20
!
crypto ipsec security-association lifetime seconds 7200
!
crypto ipsec transform-set DMVPN_SPOKE esp-aes 
 mode transport
!
crypto ipsec profile DMVPNspoke
 set security-association lifetime seconds 86400
 set security-association idle-time 86400
 set transform-set DMVPN_SPOKE 
!
interface Tunnel0
 description <<< TUNNEL >>>
 bandwidth 1000
 ip address 192.168.222.1 255.255.255.0
 no ip redirects
 ip mtu 1452
 ip nhrp authentication client
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ip nhrp shortcut
 ip nhrp redirect
 ip virtual-reassembly max-fragments 64
 ip tcp adjust-mss 1360
 delay 30
 tunnel source dialer 1
 tunnel mode gre multipoint
 tunnel key 131
 tunnel protection ipsec profile DMVPNspoke shared

crypto isakmp key cisco address 77.95.xxx.xxx

 

+++++++++++
SPOKE
+++++++++++

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
crypto isakmp xauth timeout 20
!
crypto ipsec security-association lifetime seconds 7200
!
crypto ipsec transform-set DMVPN_SPOKE esp-aes 
 mode transport
!
crypto ipsec profile DMVPNspoke
 set security-association lifetime seconds 86400
 set security-association idle-time 86400
 set transform-set DMVPN_SPOKE 
!
interface Tunnel0
 description <<< TUNNEL >>>
 bandwidth 1000
 ip address 192.168.222.11 255.255.255.0
 no ip redirects
 ip mtu 1452
 ip nhrp authentication client
 ip nhrp map multicast 212.20.xxx.xxx
 ip nhrp map 192.168.222.1 xxx.xxx.xxx.xxx
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.222.1
 ip nhrp shortcut
 ip nhrp redirect
 ip virtual-reassembly max-fragments 64
 ip tcp adjust-mss 1360
 delay 30
 tunnel source dialer 1
 tunnel mode gre multipoint
 tunnel key 131
 tunnel protection ipsec profile DMVPNspoke shared

crypto isakmp key cisco address xxx.xxx.xxx.xxx

Correct Answer
nkarthikeyan Sat, 07/12/2014 - 01:26

Hi Ray,

Do you get any error for failing to register to CUCM? Do you have the proper rules at both ends allowing the voice traffic through the tunnel... like QoS / inspect statements already configured? Have you checked the reachability of the CUCM server from those spoke sites?

Regards

Karthik

Rayval Rodman Sun, 07/13/2014 - 10:03

Hi nkarthikeyan,

I haven't applied any QoS or inspect statements; the only thing traversing the VPN is the voice traffic. I can reach the CUCM from every spoke and I can reach the spokes from the HUB.
