×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

DMVPN: Timers??? (NHRP, IPsec, EIGRP)

Unanswered Question
Jan 9th, 2004
User Badges:

I've a DMVPN up and running but if a node gets an other IP-address of the ISP or a router (node or hub) reloads it takes 2 - 3 hours before a new connection is established.


I believe it's a timer problem (especially IPsec) But there are a lot of timers (and they influend each other)


Node config::


crypto ipsec transform-set transform_dk esp-3des esp-sha-hmac

mode transport

!

crypto ipsec profile profile_dk

set security-association lifetime second 86400

set security-association idle-time 150

set transform-set transform_dk


interface Tunnel1

description --- DMVPN tunnel ---

ip address 10.132.136.1 255.255.192.0

no ip redirects

ip mtu 1428

ip nhrp authentication password

ip nhrp map multicast 194.x.x.25

ip nhrp map 10.132.128.1 194.x.x.25

ip nhrp network-id 1000

ip nhrp holdtime 300

ip nhrp nhs 10.132.128.1

ip hello-interval eigrp 1 30

ip hold-time eigrp 1 65

qos pre-classify

tunnel source BVI1

tunnel mode gre multipoint

tunnel key 1000

tunnel protection ipsec profile profile_dk


Which are the optimal values for next timers???

ip nhrp holdtime 300

set security-association lifetime second 86400

set security-association idle-time 150

ip hello-interval eigrp 1 30

ip hold-time eigrp 1 65


I haven't found a description from how these timers influend each other. Is there a description?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion