07-11-2014 08:50 AM - edited 02-21-2020 07:43 PM
Hi,
I create a DMVPN cloud with 1 hub and 5 spokes, the main purpose of the VPN is for centralise voice deployment. Now all the spokes are up and connecting fine, i can see all the phones in the different sites and even browse to the phone webpages.
The problem i am having is two of the sites the phones registered with CUCM but the other sites even though i can see the phones they won't register to CUCM. See a copy of my config below, i use static route as the routing protocol.
++++++++++++
HUB
++++++++++++
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
crypto isakmp xauth timeout 20
!
crypto ipsec security-association lifetime seconds 7200
!
crypto ipsec transform-set DMVPN_SPOKE esp-aes
mode transport
!
crypto ipsec profile DMVPNspoke
set security-association lifetime seconds 86400
set security-association idle-time 86400
set transform-set DMVPN_SPOKE
!
interface Tunnel0
description <<< TUNNEL >>>
bandwidth 1000
ip address 192.168.222.1 255.255.255.0
no ip redirects
ip mtu 1452
ip nhrp authentication client
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly max-fragments 64
ip tcp adjust-mss 1360
delay 30
tunnel source dialer 1
tunnel mode gre multipoint
tunnel key 131
tunnel protection ipsec profile DMVPNspoke shared
crypto isakmp key cisco address 77.95.xxx.xxx
+++++++++++
SPOKE
+++++++++++
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
crypto isakmp xauth timeout 20
!
crypto ipsec security-association lifetime seconds 7200
!
crypto ipsec transform-set DMVPN_SPOKE esp-aes
mode transport
!
crypto ipsec profile DMVPNspoke
set security-association lifetime seconds 86400
set security-association idle-time 86400
set transform-set DMVPN_SPOKE
!
interface Tunnel0
description <<< TUNNEL >>>
bandwidth 1000
ip address 192.168.222.11 255.255.255.0
no ip redirects
ip mtu 1452
ip nhrp authentication client
ip nhrp map multicast 212.20.xxx.xxx
ip nhrp map 192.168.222.1 xxx.xxx.xxx.xxx
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 192.168.222.1
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly max-fragments 64
ip tcp adjust-mss 1360
delay 30
tunnel source dialer 1
tunnel mode gre multipoint
tunnel key 131
tunnel protection ipsec profile DMVPNspoke shared
crypto isakmp key cisco address xxx.xxx.xxx.xxx
Solved! Go to Solution.
07-12-2014 01:26 AM
Hi Ray,
Do you get any error for failing to register in to CUCM? Do you have the proper rules in both the ends allowing the voice traffic through the tunnel..... like Qos / Inspect statements is already been configured.... have you checked the reachability of CUCM server from those spoke sites???
Regards
Karthik
07-12-2014 01:26 AM
Hi Ray,
Do you get any error for failing to register in to CUCM? Do you have the proper rules in both the ends allowing the voice traffic through the tunnel..... like Qos / Inspect statements is already been configured.... have you checked the reachability of CUCM server from those spoke sites???
Regards
Karthik
07-13-2014 10:03 AM
Hi nkarthikeyan,
haven't applied any Qos or inspect statements, the only devices traversing the VPN is the voice traffic. I can reach the CUCM from every spokes and i can reach the spokes from the HUB.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: