отмена
Отображаются результаты для 
Вместо этого искать 
Вы имели в виду: 
Объявления
Добро пожаловать в Сообщество Технической поддержки Cisco. Мы рады получить обратную связь .
New Member

Не работает DMVPN Phase2 (spoke-to-spoke)

Доброе утро коллеги.

Собрал стенд в лабе DMVPN Phase 2 (Spoke-to-Spoke), вроде всё ок.

Настроил в продуктиве - не работает, Hub-and-Spoke - трафик бегает, а вот между Spoke-to-Spoke - НЕТ.

1) в HQ - Design Dual Hub Single Cloud

2) Spoke-1 - подключен через 3G - Megafon

3) Spoke-2 - подключен через 3G - Beeline

4) IGP - eigrp ASn-2

(тестировал между Megafon -> Megafon, если трафик натится через один NAT шлюз то понятно - могут быть проблемы)

тут я для чистоты эксперимента разнёc по разным операторам.

HUB_1:

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 14

crypto isakmp key ******* address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 10

crypto isakmp nat keepalive 30

!

!

crypto ipsec transform-set setA esp-aes 256 esp-sha-hmac

mode transport

!

crypto ipsec profile VPN-DMVPN

set transform-set setA

interface Tunnel1

description ## DMVPN

bandwidth 100000

ip address 192.168.0.1 255.255.252.0

no ip redirects

ip mtu 1400

ip authentication mode eigrp 2 md5

ip authentication key-chain eigrp 2 MYCHAIN

ip hold-time eigrp 2 35

no ip next-hop-self eigrp 2

ip flow ingress

ip nhrp authentication XXXXXX

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 600

ip tcp adjust-mss 1360

no ip split-horizon eigrp 2

load-interval 30

qos pre-classify

tunnel source Loopback0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile VPN-DMVPN

end

##

HUB_2:

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 14

crypto isakmp key ******* address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 10

crypto isakmp nat keepalive 30

!

!

crypto ipsec transform-set setA esp-aes 256 esp-sha-hmac

mode transport

!

crypto ipsec profile VPN-DMVPN

set transform-set setA

interface Tunnel1

description ## DMVPN

bandwidth 100000

ip address 192.168.0.2 255.255.252.0

no ip redirects

ip mtu 1400

ip authentication mode eigrp 2 md5

ip authentication key-chain eigrp 2 MYCHAIN

ip hold-time eigrp 2 35

no ip next-hop-self eigrp 2

ip flow ingress

ip nhrp authentication XXXXXXXXXX

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 600

ip tcp adjust-mss 1360

no ip split-horizon eigrp 2

load-interval 30

qos pre-classify

tunnel source Loopback0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile VPN-DMVPN

end

####

SPOKE_1:

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 14

crypto isakmp key ******* address 0.0.0.0

crypto isakmp fragmentation

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 10

crypto isakmp nat keepalive 30

!

!

crypto ipsec transform-set setA esp-aes 256 esp-sha-hmac

mode transport

crypto ipsec df-bit clear

!

crypto ipsec profile VPN-DMVPN

set transform-set setA

interface Tunnel1

bandwidth 100000

ip address 192.168.0.10 255.255.252.0

no ip redirects

ip mtu 1400

ip authentication mode eigrp 2 md5

ip authentication key-chain eigrp 2 MYCHAIN

ip hold-time eigrp 2 35

ip nhrp authentication XXXXXXXXX

ip nhrp map 192.168.0.1 XXX.XXX.243.16

ip nhrp map multicast XXX.XXX.243.16

ip nhrp map 192.168.0.2 XXX.XXX.243.17

ip nhrp map multicast XXX.XXX.243.17

ip nhrp network-id 1

ip nhrp holdtime 600

ip nhrp nhs 192.168.0.1

ip nhrp nhs 192.168.0.2

ip nhrp registration no-unique

ip nhrp registration timeout 120

ip tcp adjust-mss 1360

tunnel source Cellular0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile VPN-DMVPN

###

SPOKE_2:

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 14

crypto isakmp key ******** address 0.0.0.0

crypto isakmp fragmentation

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 10

crypto isakmp nat keepalive 30

!

!

crypto ipsec transform-set setA esp-aes 256 esp-sha-hmac

mode transport

crypto ipsec df-bit clear

!

crypto ipsec profile VPN-DMVPN

set transform-set setA

interface Tunnel1

bandwidth 100000

ip address 192.168.0.20 255.255.252.0

no ip redirects

ip mtu 1400

ip authentication mode eigrp 2 md5

ip authentication key-chain eigrp 2 MYCHAIN

ip hold-time eigrp 2 35

ip nhrp authentication XXXXXXXXX

ip nhrp map 192.168.0.1 XXX.XXX.243.16

ip nhrp map multicast XXX.XXX.243.16

ip nhrp map 192.168.0.2 XXX.XXX.243.17

ip nhrp map multicast XXX.XXX.243.17

ip nhrp network-id 1

ip nhrp holdtime 600

ip nhrp nhs 192.168.0.1

ip nhrp nhs 192.168.0.2

ip nhrp registration no-unique

ip nhrp registration timeout 120

tunnel source Cellular0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile VPN-DMVPN

####

В итоге :

HUB_1:

Interface: Tunnel1, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

     1     83.149.9.78    192.168.0.10    UP 01:26:56    DN

     1   83.220.239.73    192.168.0.20    UP 00:34:38    DN

#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.10/32      192.168.0.10    83.149.9.78     dynamic  Tu1     172.22.197.146

192.168.0.20/32      192.168.0.20    83.220.239.73   dynamic  Tu1     10.200.71.202

192.168.1.255/32     192.168.1.255   incomplete

HUB_2:

Interface: Tunnel1, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

     1     83.149.9.78    192.168.0.10    UP 01:27:37    DN

     1   83.220.239.73    192.168.0.20    UP 00:35:19    DN

#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.10/32      192.168.0.10    83.149.9.78     dynamic  Tu1     172.22.197.146

192.168.0.20/32      192.168.0.20    83.220.239.73   dynamic  Tu1     10.200.71.202

SPOKE_1:

Interface: Tunnel1, IPv4 NHRP Details

Type:Spoke, NHRP Peers:3,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

     1 141.101.243.16      192.168.0.1    UP 01:28:08     S

     1 141.101.243.17      192.168.0.2    UP 01:28:08     S

     1 83.220.239.73      192.168.0.20    UP 00:34:42    DN

SPOKE_1#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.20/32      192.168.0.20    83.220.239.73   dynamic  Tu1     10.200.71.202

##

      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D        10.2.0.0/24 [90/2588160] via 192.168.0.20, 00:07:07, Tunnel1

                     [90/2588160] via 192.168.0.20, 00:07:07, Tunnel1

D     192.168.80.0/21 [90/1305856] via 192.168.0.2, 01:37:53, Tunnel1

                      [90/1305856] via 192.168.0.1, 01:37:53, Tunnel1

SPOKE_2:

Interface: Tunnel1, IPv4 NHRP Details

Type:Spoke, NHRP Peers:3,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

     1 141.101.243.16      192.168.0.1    UP 00:36:34     S

     1 141.101.243.17      192.168.0.2    UP 00:36:34     S

     1 83.149.9.78        192.168.0.10    UP 00:35:28    DN

#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    83.149.9.78     dynamic  Tu1     172.22.197.146

##

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

D        10.0.0.0/24 [90/2588160] via 192.168.0.10, 00:08:09, Tunnel1

                     [90/2588160] via 192.168.0.10, 00:08:09, Tunnel1

D     192.168.80.0/21 [90/1305856] via 192.168.0.2, 00:08:09, Tunnel1

                      [90/1305856] via 192.168.0.1, 00:08:09, Tunnel1

##

проверка коннективити:

HUB_1 -> SPOKE_1 - ОК

HUB_2 -> SPOKE_1 - OK

HUB_1 -> SPOKE_1 - OK

HUB_2 -> SPOKE_2 - OK

SPOKE_1 -> SPOKE_2 - DOWN

SPOKE_2 -> SPOKE_1 - DOWN

###

SPOKE_1:

#sh cry isa sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

XXX.XXX.243.17  172.22.197.146  QM_IDLE           2056 ACTIVE

XXX.XXX.243.16  172.22.197.146  QM_IDLE           2055 ACTIVE

83.220.239.73   172.22.197.146  MM_NO_STATE          0 ACTIVE

SPOKE_2:

sh cry isa sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

XXX.XXX.243.17  10.200.71.202   QM_IDLE           2005 ACTIVE

XXX.XXX.243.16  10.200.71.202   QM_IDLE           2004 ACTIVE

83.149.9.78     10.200.71.202   MM_NO_STATE          0 ACTIVE

###

Debug:

ISAKMP Phase 1 - сразу тишина и всё:

000550: *Feb 10 07:10:33.459 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.200.71.202:500, remote= 83.149.9.78:500,

    local_proxy= 10.200.71.202/255.255.255.255/47/0,

    remote_proxy= 83.149.9.78/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000551: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): SA request profile is (NULL)

000552: *Feb 10 07:10:33.459 UTC: ISAKMP: Created a peer struct for 83.149.9.78, peer port 500

000553: *Feb 10 07:10:33.459 UTC: ISAKMP: New peer created peer = 0x8B3A9AE0 peer_handle = 0x80000047

000554: *Feb 10 07:10:33.459 UTC: ISAKMP: Locking peer struct 0x8B3A9AE0, refcount 1 for isakmp_initiator

000555: *Feb 10 07:10:33.459 UTC: ISAKMP: local port 500, remote port 500

000556: *Feb 10 07:10:33.459 UTC: ISAKMP: set new node 0 to QM_IDLE

000557: *Feb 10 07:10:33.459 UTC: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8B070AB8

000558: *Feb 10 07:10:33.459 UTC: ISAKMP:(0):Can not start Aggressi.ve mode, trying Main mode.

000559: *Feb 10 07:10:33.459 UTC: ISAKMP:(0):found peer pre-shared key matching 83.149.9.78

000560: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

000561: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): constructed NAT-T vendor-07 ID

000562: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): constructed NAT-T vendor-03 ID

000563: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): constructed NAT-T vendor-02 ID

000564: *Feb 10 07:10:33.459 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

000565: *Feb 10 07:10:33.459 UTC: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1

000566: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): beginning Main Mode exchange

000567: *Feb 10 07:10:33.459 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000568: *Feb 10 07:10:33.459 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.....

Success rate is 0 percent (0/5)

SPOKE_2#

000569: *Feb 10 07:10:43.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000570: *Feb 10 07:10:43.463 UTC: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

000571: *Feb 10 07:10:43.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000572: *Feb 10 07:10:43.463 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000573: *Feb 10 07:10:43.463 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000574: *Feb 10 07:10:52.159 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.200.71.202 (port:4500) to dest 141.101.243.16 (port:4500)

000575: *Feb 10 07:10:52.159 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000576: *Feb 10 07:10:52.203 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.200.71.202 (port:4500) to dest 141.101.243.17 (port:4500)

000577: *Feb 10 07:10:52.203 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000578: *Feb 10 07:10:53.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000579: *Feb 10 07:10:53.463 UTC: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

000580: *Feb 10 07:10:53.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000581: *Feb 10 07:10:53.463 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000582: *Feb 10 07:10:53.463 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000583: *Feb 10 07:11:03.459 UTC: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 10.200.71.202:0, remote= 83.149.9.78:0,

    local_proxy= 10.200.71.202/255.255.255.255/47/0,

    remote_proxy= 83.149.9.78/255.255.255.255/47/0

000584: *Feb 10 07:11:03.459 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.200.71.202:500, remote= 83.149.9.78:500,

    local_proxy= 10.200.71.202/255.255.255.255/47/0,

    remote_proxy= 83.149.9.78/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000585: *Feb 10 07:11:03.459 UTC: ISAKMP: set new node 0 to QM_IDLE

000586: *Feb 10 07:11:03.459 UTC: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.200.71.202, remote 83.149.9.78)

000587: *Feb 10 07:11:03.459 UTC: ISAKMP: Error while processing SA request: Failed to initialize SA

000588: *Feb 10 07:11:03.459 UTC: ISAKMP: Error while processing KMI message 0, error 2.

000589: *Feb 10 07:11:03.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000590: *Feb 10 07:11:03.463 UTC: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1

000591: *Feb 10 07:11:03.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000592: *Feb 10 07:11:03.463 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000593: *Feb 10 07:11:03.463 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000594: *Feb 10 07:11:11.219 UTC: ISAKMP:(0):purging node 2136972358

000595: *Feb 10 07:11:11.219 UTC: ISAKMP:(0):purging node -140056816

000596: *Feb 10 07:11:13.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000597: *Feb 10 07:11:13.463 UTC: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1

000598: *Feb 10 07:11:13.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000599: *Feb 10 07:11:13.463 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000600: *Feb 10 07:11:13.463 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000601: *Feb 10 07:11:21.219 UTC: ISAKMP:(0):purging SA., sa=8C0F36AC, delme=8C0F36AC

000602: *Feb 10 07:11:21.219 UTC: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb

000603: *Feb 10 07:11:21.219 UTC: IPSEC(recalculate_mtu): reset sadb_root 8A1BF72C mtu to 1500

000604: *Feb 10 07:11:21.219 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.200.71.202:500, remote= 83.149.9.78:500,

    local_proxy= 10.200.71.202/255.255.255.255/47/0,

    remote_proxy= 83.149.9.78/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000605: *Feb 10 07:11:21.219 UTC: IPSEC: Expand action denied, notify RP

000606: *Feb 10 07:11:21.219 UTC: IPSEC: Expand action denied, notify RP

000607: *Feb 10 07:11:21.219 UTC: IPSEC: Expand action denied, discard or forward packet.

000608: *Feb 10 07:11:21.219 UTC: IPSEC: Expand action denied, discard or forward packet.

000609: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): SA request profile is (NULL)

000610: *Feb 10 07:11:21.223 UTC: ISAKMP: Created a peer struct for 83.149.9.78, peer port 500

000611: *Feb 10 07:11:21.223 UTC: ISAKMP: New peer created peer = 0x8966A044 peer_handle = 0x80000042

000612: *Feb 10 07:11:21.223 UTC: ISAKMP: Locking peer struct 0x8966A044, refcount 1 for isakmp_initiator

000613: *Feb 10 07:11:21.223 UTC: ISAKMP: local port 500, remote port 500

000614: *Feb 10 07:11:21.223 UTC: ISAKMP: set new node 0 to QM_IDLE

000615: *Feb 10 07:11:21.223 UTC: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8C0F36AC

000616: *Feb 10 07:11:21.223 UTC: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

000617: *Feb 10 07:11:21.223 UTC: ISAKMP:(0):found peer pre-shared key matching 83.149.9.78

000618: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

000619: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): constructed NAT-T vendor-07 ID

000620: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): constructed NAT-T vendor-03 ID

000621: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): constructed NAT-T vendor-02 ID

000622: *Feb 10 07:11:21.223 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

000623: *Feb 10 07:11:21.223 UTC: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1

000624: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): beginning Main Mode exchange

000625: *Feb 10 07:11:21.223 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000626: *Feb 10 07:11:21.223 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000627: *Feb 10 07:11:22.159 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.200.71.202 (port:4500) to dest 141.101.243.16 (port:4500)

000628: *Feb 10 07:11:22.159 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000629: *Feb 10 07:11:22.203 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.200.71.202 (port:4500) to dest 141.101.243.17 (port:4500)

000630: *Feb 10 07:11:22.203 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000631: *Feb 10 07:11:23.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000632: *Feb 10 07:11:23.463 UTC: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1

000633: *Feb 10 07:11:23.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000634: *Feb 10 07:11:23.463 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000635: *Feb 10 07:11:23.463 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000636: *Feb 10 07:11:31.223 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000637: *Feb 10 07:11:31.223 UTC: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

000638: *Feb 10 07:11:31.223 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000639: *Feb 10 07:11:31.223 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 500 (I) MM_NO_STATE

000640: *Feb 10 07:11:31.223 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000641: *Feb 10 07:11:33.463 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000642: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):peer does not do paranoid keepalives.

000643: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.149.9.78)

000644: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.149.9.78)

000645: *Feb 10 07:11:33.463 UTC: ISAKMP: Unlocking peer struct 0x8B3A9AE0 for isadb_mark_sa_deleted(), count 0

000646: *Feb 10 07:11:33.463 UTC: ISAKMP: Deleting peer node by peer_reap for 83.149.9.78: 8B3A9AE0

000647: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):deleting node -1765926598 error FALSE reason "IKE deleted"

000648: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):deleting node -2054296796 error FALSE reason "IKE deleted"

000649: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

000650: *Feb 10 07:11:33.463 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_DEST_SA

000651: *Feb 10 07:11:33.463 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)

000652: *Feb 10 07:11:41.223 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000653: *Feb 10 07:11:41.223 UTC: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

000654: *Feb 10 07:11:41.223 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000655: *Feb 10 07:11:41.223 UTC: ISAKMP:(0): sending packet to 83.149.9.78 my_port 500 peer_port 50

Теги (1)
18 ОТВЕТ.
New Member

Не работает DMVPN Phase2 (spoke-to-spoke)

При попытке проверить доступность SPOKE_1 -> SPOKE_2:

SPOKE_1#ping 10.2.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.0.1, timeout is 2 seconds:

!....

Success rate is 20 percent (1/5), round-trip min/avg/max = 240/240/240 ms

первый пакет приходит и всё...

New Member

Не работает DMVPN Phase2 (spoke-to-spoke)

На 3G интерфейсах Мегафон поднял внешние ip, всё равно не работает.

Установил одну Sim - Beeline, а одну Megafon и везде внешние ip - не работает.

Не работает DMVPN Phase2 (spoke-to-spoke)

А можно синхронный дебаг ISAKMP/IPSec с обеих сторон, желательно - когда везде внешние IP (для исключения провайдерского PAT)?

New Member

Не работает DMVPN Phase2 (spoke-to-spoke)

SPOKE_1:

Interface                  IP-Address      OK? Method Status                Protocol

Cellular0                  83.220.224.89   YES IPCP   up                    up

FastEthernet0              unassigned      YES unset  down                  down

FastEthernet1              unassigned      YES unset  up                    up

FastEthernet2              unassigned      YES unset  down                  down

FastEthernet3              unassigned      YES unset  down                  down

FastEthernet4              unassigned      YES NVRAM  down                  down

NVI0                       unassigned      YES unset  administratively down down

Tunnel1                    192.168.0.10    YES NVRAM  up                    up

Vlan1                      10.0.0.1        YES NVRAM  up                    up

###

SPOKE_2:

Interface                  IP-Address      OK? Method Status                Protocol

Cellular0                  83.220.224.192  YES IPCP   up                    up

FastEthernet0              unassigned      YES unset  down                  down

FastEthernet1              unassigned      YES unset  down                  down

FastEthernet2              unassigned      YES unset  up                    up

FastEthernet3              unassigned      YES unset  down                  down

FastEthernet4              unassigned      YES NVRAM  down                  down

NVI0                       unassigned      YES unset  administratively down down

Tunnel1                    192.168.0.20    YES NVRAM  up                    up

Vlan1                      10.2.0.1        YES NVRAM  up                    up

####

SPOKE_1:

000596: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000597: *Feb 11 18:36:18.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

000598: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000599: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000600: *Feb 11 18:36:18.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000601: *Feb 11 18:36:28.552 UTC: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 10.0.0.1:0, remote= 83.220.224.218:0,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0

000602: *Feb 11 18:36:28.552 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.0.0.1:500, remote= 83.220.224.218:500,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000603: *Feb 11 18:36:28.552 UTC: ISAKMP: set new node 0 to QM_IDLE

000604: *Feb 11 18:36:28.552 UTC: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.0.0.1, remote 83.220.224.218)

000605: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing SA request: Failed to initialize SA

000606: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing KMI message 0, error 2.

000607: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000608: *Feb 11 18:36:28.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1

000609: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000610: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000611: *Feb 11 18:36:28.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000612: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000613: *Feb 11 18:36:38.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1

000614: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000615: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000616: *Feb 11 18:36:38.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000617: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000618: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000619: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000620: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000621: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000622: *Feb 11 18:36:48.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1

000623: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000624: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000625: *Feb 11 18:36:48.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000593: *Feb 11 18:36:11.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000594: *Feb 11 18:36:16.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000595: *Feb 11 18:36:16.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000596: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000597: *Feb 11 18:36:18.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

000598: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000599: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000600: *Feb 11 18:36:18.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000601: *Feb 11 18:36:28.552 UTC: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 10.0.0.1:0, remote= 83.220.224.218:0,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0

000602: *Feb 11 18:36:28.552 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.0.0.1:500, remote= 83.220.224.218:500,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000603: *Feb 11 18:36:28.552 UTC: ISAKMP: set new node 0 to QM_IDLE

000604: *Feb 11 18:36:28.552 UTC: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.0.0.1, remote 83.220.224.218)

000605: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing SA request: Failed to initialize SA

000606: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing KMI message 0, error 2.

000607: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000608: *Feb 11 18:36:28.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1

000609: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000610: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000611: *Feb 11 18:36:28.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000612: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000613: *Feb 11 18:36:38.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1

000614: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000615: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000616: *Feb 11 18:36:38.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000617: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000618: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000619: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000620: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000621: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000622: *Feb 11 18:36:48.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1

000623: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000624: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000625: *Feb 11 18:36:48.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000626: *Feb 11 18:36:58.552 UTC: IPSEC(key_engine): request timer fired: count = 2,

  (identity) local= 10.0.0.1:0, remote= 83.220.224.218:0,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0

000627: *Feb 11 18:36:58.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000628: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):peer does not do paranoid keepalives.

000629: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.220.224.218)

000630: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.220.224.218)

000631: *Feb 11 18:36:58.556 UTC: ISAKMP: Unlocking peer struct 0x8B3ECC34 for isadb_mark_sa_deleted(), count 0

000632: *Feb 11 18:36:58.556 UTC: ISAKMP: Deleting peer node by peer_reap for 83.220.224.218: 8B3ECC34

000633: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting node 661848415 error FALSE reason "IKE deleted"

000634: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting node 1353180773 error FALSE reason "IKE deleted"

000635: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

000636: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_DEST_SA

000637: *Feb 11 18:36:58.556 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)

####

SPOKE_2:

000596: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000597: *Feb 11 18:36:18.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

000598: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000599: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000600: *Feb 11 18:36:18.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000601: *Feb 11 18:36:28.552 UTC: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 10.0.0.1:0, remote= 83.220.224.218:0,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0

000602: *Feb 11 18:36:28.552 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.0.0.1:500, remote= 83.220.224.218:500,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000603: *Feb 11 18:36:28.552 UTC: ISAKMP: set new node 0 to QM_IDLE

000604: *Feb 11 18:36:28.552 UTC: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.0.0.1, remote 83.220.224.218)

000605: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing SA request: Failed to initialize SA

000606: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing KMI message 0, error 2.

000607: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000608: *Feb 11 18:36:28.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1

000609: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000610: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000611: *Feb 11 18:36:28.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000612: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000613: *Feb 11 18:36:38.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1

000614: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000615: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000616: *Feb 11 18:36:38.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000617: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000618: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000619: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000620: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000621: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000622: *Feb 11 18:36:48.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1

000623: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000624: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000625: *Feb 11 18:36:48.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000593: *Feb 11 18:36:11.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000594: *Feb 11 18:36:16.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000595: *Feb 11 18:36:16.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000596: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000597: *Feb 11 18:36:18.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

000598: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000599: *Feb 11 18:36:18.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000600: *Feb 11 18:36:18.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000601: *Feb 11 18:36:28.552 UTC: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 10.0.0.1:0, remote= 83.220.224.218:0,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0

000602: *Feb 11 18:36:28.552 UTC: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 10.0.0.1:500, remote= 83.220.224.218:500,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0,

    protocol= ESP, transform= esp-aes 256 esp-sha-hmac  (Transport),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

000603: *Feb 11 18:36:28.552 UTC: ISAKMP: set new node 0 to QM_IDLE

000604: *Feb 11 18:36:28.552 UTC: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.0.0.1, remote 83.220.224.218)

000605: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing SA request: Failed to initialize SA

000606: *Feb 11 18:36:28.552 UTC: ISAKMP: Error while processing KMI message 0, error 2.

000607: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000608: *Feb 11 18:36:28.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1

000609: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000610: *Feb 11 18:36:28.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000611: *Feb 11 18:36:28.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000612: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000613: *Feb 11 18:36:38.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1

000614: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000615: *Feb 11 18:36:38.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000616: *Feb 11 18:36:38.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000617: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000618: *Feb 11 18:36:41.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000619: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000620: *Feb 11 18:36:46.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000621: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000622: *Feb 11 18:36:48.556 UTC: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1

000623: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000624: *Feb 11 18:36:48.556 UTC: ISAKMP:(0): sending packet to 83.220.224.218 my_port 500 peer_port 500 (I) MM_NO_STATE

000625: *Feb 11 18:36:48.556 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000626: *Feb 11 18:36:58.552 UTC: IPSEC(key_engine): request timer fired: count = 2,

  (identity) local= 10.0.0.1:0, remote= 83.220.224.218:0,

    local_proxy= 10.0.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.218/255.255.255.255/47/0

000627: *Feb 11 18:36:58.556 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000628: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):peer does not do paranoid keepalives.

000629: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.220.224.218)

000630: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.220.224.218)

000631: *Feb 11 18:36:58.556 UTC: ISAKMP: Unlocking peer struct 0x8B3ECC34 for isadb_mark_sa_deleted(), count 0

000632: *Feb 11 18:36:58.556 UTC: ISAKMP: Deleting peer node by peer_reap for 83.220.224.218: 8B3ECC34

000633: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting node 661848415 error FALSE reason "IKE deleted"

000634: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):deleting node 1353180773 error FALSE reason "IKE deleted"

000635: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

000636: *Feb 11 18:36:58.556 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_DEST_SA

000637: *Feb 11 18:36:58.556 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)

000638: *Feb 11 18:37:11.564 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000639: *Feb 11 18:37:11.564 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000640: *Feb 11 18:37:16.808 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.0.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000641: *Feb 11 18:37:16.808 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000263: *Feb 11 18:36:34.122 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000264: *Feb 11 18:36:34.122 UTC: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1

000265: *Feb 11 18:36:34.122 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000266: *Feb 11 18:36:34.122 UTC: ISAKMP:(0): sending packet to 83.220.224.185 my_port 500 peer_port 500 (I) MM_NO_STATE

000267: *Feb 11 18:36:34.122 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.ng 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

....

000268: *Feb 11 18:36:44.122 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000269: *Feb 11 18:36:44.122 UTC: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1

000270: *Feb 11 18:36:44.122 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

000271: *Feb 11 18:36:44.122 UTC: ISAKMP:(0): sending packet to 83.220.224.185 my_port 500 peer_port 500 (I) MM_NO_STATE

000272: *Feb 11 18:36:44.122 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet..

Success rate is 0 percent (0/5)

SPOKE_2#

000273: *Feb 11 18:36:54.118 UTC: IPSEC(key_engine): request timer fired: count = 2,

  (identity) local= 10.2.0.1:0, remote= 83.220.224.185:0,

    local_proxy= 10.2.0.1/255.255.255.255/47/0,

    remote_proxy= 83.220.224.185/255.255.255.255/47/0

000274: *Feb 11 18:36:54.122 UTC: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

000275: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):peer does not do paranoid keepalives.

000276: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.220.224.185)

000277: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 83.220.224.185)

000278: *Feb 11 18:36:54.122 UTC: ISAKMP: Unlocking peer struct 0x8AF56098 for isadb_mark_sa_deleted(), count 0

000279: *Feb 11 18:36:54.122 UTC: ISAKMP: Deleting peer node by peer_reap for 83.220.224.185: 8AF56098

000280: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):deleting node 1046257597 error FALSE reason "IKE deleted"

000281: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):deleting node -1877689439 error FALSE reason "IKE deleted"

000282: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

000283: *Feb 11 18:36:54.122 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_DEST_SA

000284: *Feb 11 18:36:54.122 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)

000285: *Feb 11 18:36:54.790 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.2.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000286: *Feb 11 18:36:54.790 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000287: *Feb 11 18:36:54.794 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.2.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000288: *Feb 11 18:36:54.794 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000289: *Feb 11 18:37:11.910 UTC: ISAKMP:(0):purging node 1963412335

000290: *Feb 11 18:37:21.910 UTC: ISAKMP:(0):purging SA., sa=85EABF14, delme=85EABF14

000291: *Feb 11 18:37:24.790 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.2.0.1 (port:4500) to dest 141.101.243.16 (port:4500)

000292: *Feb 11 18:37:24.790 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

000293: *Feb 11 18:37:24.794 UTC: ISAKMP:(0):ISAKMP: sending nat keepalive packet:

from src 10.2.0.1 (port:4500) to dest 141.101.243.17 (port:4500)

000294: *Feb 11 18:37:24.794 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Странно, что на Cellular0 iface ip отличаются от тех, что находятся в sh ip nhrp br:

spoke_1:

SPOKE_1#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.20/32      192.168.0.20    83.220.224.218  dynamic  Tu1     10.2.0.1

spoke_2:

SPOKE_2#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    83.220.224.185  dynamic  Tu1     10.0.0.1

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Как я вижу, проблема с NHRP.

Уменьшил таймеры:

ip nhrp holdtime 30

ip nhrp registration no-unique

ip nhrp registration timeout 30

###

HUB_1:

#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.10/32      192.168.0.10    83.220.224.89   dynamic  Tu1     10.0.0.1

192.168.0.20/32      192.168.0.20    83.220.224.192  dynamic  Tu1     10.2.0.1

HUB_2:

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.10/32      192.168.0.10    83.220.224.89   dynamic  Tu1     10.0.0.1

192.168.0.20/32      192.168.0.20    83.220.224.192  dynamic  Tu1     10.2.0.1

##

SPOKE_1:

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.20/32      192.168.0.20    83.220.224.192  dynamic  Tu1     10.2.0.1

###

SPOKE_2:

SPOKE_2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 640/826/1072 ms

SPOKE_2#traceroute 10.0.0.1

Type escape sequence to abort.

Tracing the route to 10.0.0.1

VRF info: (vrf in name/id, vrf out name/id)

  1 test1.0.168.192.in-addr.arpa (192.168.0.1) 240 msec 460 msec 276 msec

  2 192.168.0.10 2100 msec 656 msec 644 msec

SPOKE_2#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >

###

Везде база NHRP верная, кроме SPOKE_2 !

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Куда страннее, что по новым дебагам оба спока ломятся на 83.220.224.218 (а скорее, только один из них, плюс какая-то путаница с логами). Это еще один спок? Не может ли у него на туннеле быть прописан тот же адрес 192.168.0.20 (ошибка копипаста)? Если есть другие споки, то советую провести ревизию конфигов на предмет возможных совпадений тех параметров, которые должны быть уникальны.

На spoke_2 сделайте debug nhrp packet и clear ip nhrp 192.168.0.10. Не сам же он выдумал адрес другого спока как у хаба.

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Сделал, судя по концу лога он решил, что 192.168.0.10/32 имеет public ip: 141.101.243.16 - а это HUB_1 !

По почему и как ?

SPOKE_2#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >

##

SPOKE_2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!11 19:49:29.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000071: *Feb 11 19:49:29.663 UTC:  (C-1) code: no error(0)

000072: *Feb 11 19:49:29.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000073: *Feb 11 19:49:29.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000074: *Feb 11 19:49:29.663 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000075: *Feb 11 19:49:29.663 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000076: *Feb 11 19:49:29.663 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000077: *Feb 11 19:49:29.663 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000078: *Feb 11 19:49:29.663 UTC:      pktsz: 105 extoff: 52

000079: *Feb 11 19:49:29.663 UTC:  (M) flags: "nat ", reqid: 131104

000080: *Feb 11 19:49:29.663 UTC:      src NBMA: 10.2.0.1

000081: *Feb 11 19:49:29.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000082: *Feb 11 19:49:29.663 UTC:  (C-1) code: no error(0)

000083: *Feb 11 19:49:29.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000084: *Feb 11 19:49:29.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000085: *Feb 11 19:49:30.275 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000086: *Feb 11 19:49:30.275 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000087: *Feb 11 19:49:30.275 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000088: *Feb 11 19:49:30.275 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000089: *Feb 11 19:49:30.275 UTC:      pktsz: 105 extoff: 52

000090: *Feb 11 19:49:30.275 UTC:  (M) flags: "nat ", reqid: 65567

000091: *Feb 11 19:49:30.275 UTC:      src NBMA: 10.2.0.1

000092: *Feb 11 19:49:30.275 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000093: *Feb 11 19:49:30.275 UTC:  (C-1) code: no error(0)

000094: *Feb 11 19:49:30.275 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000095: *Feb 11 19:49:30.275 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000096: *Feb 11 19:49:30.311 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000097: *Feb 11 19:49:30.311 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000098: *Feb 11 19:49:30.311 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000099: *Feb 11 19:49:30.311 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000100: *Feb 11 19:49:30.311 UTC:      pktsz: 105 extoff: 52

000101: *Feb 11 19:49:30.311 UTC:  (M) flags: "nat ", reqid: 131104

000102: *Feb 11 19:49:30.311 UTC:      src NBMA: 10.2.0.1

000103: *Feb 11 19:49:30.311 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000104: *Feb 11 19:49:3.0.311 UTC:  (C-1) code: no error(0)

000105: *Feb 11 19:49:30.311 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000106: *Feb 11 19:49:30.311 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000107: *Feb 11 19:49:31.107 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000108: *Feb 11 19:49:31.107 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000109: *Feb 11 19:49:31.107 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000110: *Feb 11 19:49:31.107 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000111: *Feb 11 19:49:31.107 UTC:      pktsz: 105 extoff: 52

000112: *Feb 11 19:49:31.107 UTC:  (M) flags: "nat ", reqid: 131104

000113: *Feb 11 19:49:31.107 UTC:      src NBMA: 10.2.0.1

000114: *Feb 11 19:49:31.107 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000115: *Feb 11 19:49:31.107 UTC:  (C-1) code: no error(0)

000116: *Feb 11 19:49:31.107 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000117: *Feb 11 19:49:31.107 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000118: *Feb 11 19:49:31.211 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000119: *Feb 11 19:49:31.211 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000120: *Feb 11 19:49:31.211 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000121: *Feb 11 19:49:31.211 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000122: *Feb 11 19:49:31.211 UTC:      pktsz: 105 extoff: 52

000123: *Feb 11 19:49:31.211 UTC:  (M) flags: "nat ", reqid: 65567

000124: *Feb 11 19:49:31.211 UTC:      src NBMA: 10.2.0.1

000125: *Feb 11 19:49:31.211 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000126: *Feb 11 19:49:31.211 UTC:  (C-1) code: no error(0)

000127: *Feb 11 19:49:31.211 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000128: *Feb 11 19:49:31.211 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000129: *Feb 11 19:49:32.555 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000130: *Feb 11 19:49:32.555 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000131: *Feb 11 19:49:32.555 UTC!:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000132: *Feb 11 19:49:32.555 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000133: *Feb 11 19:49:32.555 UTC:      pktsz: 105 extoff: 52

000134: *Feb 11 19:49:32.555 UTC:  (M) flags: "nat ", reqid: 65567

000135: *Feb 11 19:49:32.555 UTC:      src NBMA: 10.2.0.1

000136: *Feb 11 19:49:32.555 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000137: *Feb 11 19:49:32.555 UTC:  (C-1) code: no error(0)

000138: *Feb 11 19:49:32.555 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000139: *Feb 11 19:49:32.555 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000140: *Feb 11 19:49:32.667 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000141: *Feb 11 19:49:32.667 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000142: *Feb 11 19:49:32.667 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000143: *Feb 11 19:49:32.667 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000144: *Feb 11 19:49:32.667 UTC:      pktsz: 105 extoff: 52

000145: *Feb 11 19:49:32.667 UTC:  (M) flags: "nat ", reqid: 131104

000146: *Feb 11 19:49:32.667 UTC:      src NBMA: 10.2.0.1

000147: *Feb 11 19:49:32.667 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000148: *Feb 11 19:49:32.667 UTC:  (C-1) code: no error(0)

000149: *Feb 11 19:49:32.667 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000150: *Feb 11 19:49:32.667 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000151: *Feb 11 19:49:33.087 UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000152: *Feb 11 19:49:33.087 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000153: *Feb 11 19:49:33.087 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000154: *Feb 11 19:49:33.087 UTC:      pktsz: 145 extoff: 52

000155: *Feb 11 19:49:33.087 UTC:  (M) flags: "nat ", reqid: 65567

000156: *Feb 11 19:49:33.087 UTC:      src NBMA: 10.2.0.1

000157: *Feb 11 19:49:33.087 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000158: *Feb 11 19:49:33.087 UTC:  (C-1) code: no error(0)

000159: *Feb 11 19:49:33.087 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000160: *Feb 11 19:49:33.087 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000161: *Feb 11 19:49:36.011 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000162: *Feb 11 19:49:36.011 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000163: *Feb 11 19:49:36.011 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000164: *Feb 11 19:49:36.011 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000165: *Feb 11 19:49:36.011 UTC:      pktsz: 105 ex!toff: 52

000166: *Feb 11 19:49:36.011 UTC:  (M) flags: "nat ", reqid: 131104

000167: *Feb 11 19:49:36.011 UTC:      src NBMA: 10.2.0.1

000168: *Feb 11 19:49:36.011 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000169: *Feb 11 19:49:36.011 UTC:  (C-1) code: no error(0)

000170: *Feb 11 19:49:36.011 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000171: *Feb 11 19:49:36.011 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000172: *Feb 11 19:49:43.871 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000173: *Feb 11 19:49:43.871 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000174: *Feb 11 19:49:43.871 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000175: *Feb 11 19:49:43.871 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000176: *Feb 11 19:49:43.871 UTC:      pktsz: 105 extoff: 52

000177: *Feb 11 19:49:43.871 UTC:  (M) flags: "nat ", reqid: 131104

000178: *Feb 11 19:49:43.871 UTC:      src NBMA: 10.2.0.1

000179: *Feb 11 19:49:43.871 UTC:      src protocol: 192.168.0.20, dst pro!

Success rate is 80 percent (4/5), round-trip min/avg/max = 616/1121/1876 ms

SPOKE_2#tocol: 192.168.0.2

000180: *Feb 11 19:49:43.871 UTC:  (C-1) code: no error(0)

000181: *Feb 11 19:49:43.871 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000182: *Feb 11 19:49:43.871 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000183: *Feb 11 19:49:46.527 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000184: *Feb 11 19:49:46.527 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000185: *Feb 11 19:49:46.527 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000186: *Feb 11 19:49:46.527 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000187: *Feb 11 19:49:46.527 UTC:      pktsz: 105 extoff: 52

000188: *Feb 11 19:49:46.527 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6

000189: *Feb 11 19:49:46.527 UTC:      src NBMA: 10.2.0.1

000190: *Feb 11 19:49:46.527 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000191: *Feb 11 19:49:46.527 UTC:  (C-1) code: no error(0)

000192: *Feb 11 19:49:46.527 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000193: *Feb 11 19:49:46.527 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000194: *Feb 11 19:49:48.319 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000195: *Feb 11 19:49:48.319 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000196: *Feb 11 19:49:48.319 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000197: *Feb 11 19:49:48.319 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000198: *Feb 11 19:49:48.319 UTC:      pktsz: 105 extoff: 52

000199: *Feb 11 19:49:48.319 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6

000200: *Feb 11 19:49:48.319 UTC:      src NBMA: 10.2.0.1

000201: *Feb 11 19:49:48.319 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000202: *Feb 11 19:49:48.319 UTC:  (C-1) code: no error(0)

000203: *Feb 11 19:49:48.319 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000204: *Feb 11 19:49:48.319 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000205: *Feb 11 19:49:51.935 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000206: *Feb 11 19:49:51.935 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000207: *Feb 11 19:49:51.935 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000208: *Feb 11 19:49:51.935 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000209: *Feb 11 19:49:51.935 UTC:      pktsz: 105 extoff: 52

000210: *Feb 11 19:49:51.935 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6

000211: *Feb 11 19:49:51.935 UTC:      src NBMA: 10.2.0.1

000212: *Feb 11 19:49:51.935 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000213: *Feb 11 19:49:51.935 UTC:  (C-1) code: no error(0)

000214: *Feb 11 19:49:51.935 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000215: *Feb 11 19:49:51.935 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

SPOKE_2#

000216: *Feb 11 19:49:57.667 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000217: *Feb 11 19:49:57.667 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000218: *Feb 11 19:49:57.667 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000219: *Feb 11 19:49:57.667 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000220: *Feb 11 19:49:57.667 UTC:      pktsz: 105 extoff: 52

000221: *Feb 11 19:49:57.667 UTC:  (M) flags: "nat ", reqid: 131104

000222: *Feb 11 19:49:57.667 UTC:      src NBMA: 10.2.0.1

000223: *Feb 11 19:49:57.667 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000224: *Feb 11 19:49:57.667 UTC:  (C-1) code: no error(0)un a

000225: *Feb 11 19:49:57.667 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000226: *Feb 11 19:49:57.667 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000227: *Feb 11 19:49:58.179 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000228: *Feb 11 19:49:58.179 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000229: *Feb 11 19:49:58.179 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000230: *Feb 11 19:49:58.179 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000231: *Feb 11 19:49:58.179 UTC:      pktsz: 105 extoff: 52

000232: *Feb 11 19:49:58.179 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6 ll

000233: *Feb 11 19:49:58.179 UTC:      src NBMA: 10.2.0.1

000234: *Feb 11 19:49:58.179 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000235: *Feb 11 19:49:58.179 UTC:  (C-1) code: no error(0)

000236: *Feb 11 19:49:58.179 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000237: *Feb 11 19:49:58.179 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000238: *Feb 11 19:49:59.663 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000239: *Feb 11 19:49:59.663 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000240: *Feb 11 19:49:59.663 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000241: *Feb 11 19:49:59.663 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000242: *Feb 11 19:49:59.663 UTC:      pktsz: 105 extoff: 52

000243: *Feb 11 19:49:59.663 UTC:  (M) flags: "nat ", reqid: 65569

000244: *Feb 11 19:49:59.663 UTC:      src NBMA: 10.2.0.1

000245: *Feb 11 19:49:59.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000246: *Feb 11 19:49:59.663 UTC:  (C-1) code: no error(0)

000247: *Feb 11 19:49:59.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000248: *Feb 11 19:49:59.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000249: *Feb 11 19:49:59.663 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000250: *Feb 11 19:49:59.663 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000251: *Feb 11 19:49:59.663 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000252: *Feb 11 19:49:59.663 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000253: *Feb 11 19:49:59.663 UTC:      pktsz: 105 extoff: 52

000254: *Feb 11 19:49:59.663 UTC:  (M) flags: "nat ", reqid: 131106

000255: *Feb 11 19:49:59.663 UTC:      src NBMA: 10.2.0.1

000256: *Feb 11 19:49:59.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000257: *Feb 11 19:49:59.663 UTC:  (C-1) code: no error(0)

000258: *Feb 11 19:49:59.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000259: *Feb 11 19:49:59.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000260: *Feb 11 19:50:00.167h ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >

SPOKE_2# UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000261: *Feb 11 19:50:00.167 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000262: *Feb 11 19:50:00.167 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000263: *Feb 11 19:50:00.167 UTC:      pktsz: 145 extoff: 52

000264: *Feb 11 19:50:00.167 UTC:  (M) flags: "nat ", reqid: 65569

000265: *Feb 11 19:50:00.167 UTC:      src NBMA: 10.2.0.1

000266: *Feb 11 19:50:00.167 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000267: *Feb 11 19:50:00.167 UTC:  (C-1) code: no error(0)

000268: *Feb 11 19:50:00.167 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000269: *Feb 11 19:50:00.167 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

SPOKE_2#un all

All possible debugging has been turned off

SPOKE_2#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >SPOKE_2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!11 19:49:29.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000071: *Feb 11 19:49:29.663 UTC:  (C-1) code: no error(0)

000072: *Feb 11 19:49:29.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000073: *Feb 11 19:49:29.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000074: *Feb 11 19:49:29.663 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000075: *Feb 11 19:49:29.663 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000076: *Feb 11 19:49:29.663 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000077: *Feb 11 19:49:29.663 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000078: *Feb 11 19:49:29.663 UTC:      pktsz: 105 extoff: 52

000079: *Feb 11 19:49:29.663 UTC:  (M) flags: "nat ", reqid: 131104

000080: *Feb 11 19:49:29.663 UTC:      src NBMA: 10.2.0.1

000081: *Feb 11 19:49:29.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000082: *Feb 11 19:49:29.663 UTC:  (C-1) code: no error(0)

000083: *Feb 11 19:49:29.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000084: *Feb 11 19:49:29.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000085: *Feb 11 19:49:30.275 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000086: *Feb 11 19:49:30.275 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000087: *Feb 11 19:49:30.275 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000088: *Feb 11 19:49:30.275 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000089: *Feb 11 19:49:30.275 UTC:      pktsz: 105 extoff: 52

000090: *Feb 11 19:49:30.275 UTC:  (M) flags: "nat ", reqid: 65567

000091: *Feb 11 19:49:30.275 UTC:      src NBMA: 10.2.0.1

000092: *Feb 11 19:49:30.275 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000093: *Feb 11 19:49:30.275 UTC:  (C-1) code: no error(0)

000094: *Feb 11 19:49:30.275 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000095: *Feb 11 19:49:30.275 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000096: *Feb 11 19:49:30.311 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000097: *Feb 11 19:49:30.311 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000098: *Feb 11 19:49:30.311 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000099: *Feb 11 19:49:30.311 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000100: *Feb 11 19:49:30.311 UTC:      pktsz: 105 extoff: 52

000101: *Feb 11 19:49:30.311 UTC:  (M) flags: "nat ", reqid: 131104

000102: *Feb 11 19:49:30.311 UTC:      src NBMA: 10.2.0.1

000103: *Feb 11 19:49:30.311 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000104: *Feb 11 19:49:3.0.311 UTC:  (C-1) code: no error(0)

000105: *Feb 11 19:49:30.311 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000106: *Feb 11 19:49:30.311 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000107: *Feb 11 19:49:31.107 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000108: *Feb 11 19:49:31.107 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000109: *Feb 11 19:49:31.107 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000110: *Feb 11 19:49:31.107 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000111: *Feb 11 19:49:31.107 UTC:      pktsz: 105 extoff: 52

000112: *Feb 11 19:49:31.107 UTC:  (M) flags: "nat ", reqid: 131104

000113: *Feb 11 19:49:31.107 UTC:      src NBMA: 10.2.0.1

000114: *Feb 11 19:49:31.107 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000115: *Feb 11 19:49:31.107 UTC:  (C-1) code: no error(0)

000116: *Feb 11 19:49:31.107 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000117: *Feb 11 19:49:31.107 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000118: *Feb 11 19:49:31.211 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000119: *Feb 11 19:49:31.211 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000120: *Feb 11 19:49:31.211 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000121: *Feb 11 19:49:31.211 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000122: *Feb 11 19:49:31.211 UTC:      pktsz: 105 extoff: 52

000123: *Feb 11 19:49:31.211 UTC:  (M) flags: "nat ", reqid: 65567

000124: *Feb 11 19:49:31.211 UTC:      src NBMA: 10.2.0.1

000125: *Feb 11 19:49:31.211 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000126: *Feb 11 19:49:31.211 UTC:  (C-1) code: no error(0)

000127: *Feb 11 19:49:31.211 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000128: *Feb 11 19:49:31.211 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000129: *Feb 11 19:49:32.555 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000130: *Feb 11 19:49:32.555 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000131: *Feb 11 19:49:32.555 UTC!:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000132: *Feb 11 19:49:32.555 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000133: *Feb 11 19:49:32.555 UTC:      pktsz: 105 extoff: 52

000134: *Feb 11 19:49:32.555 UTC:  (M) flags: "nat ", reqid: 65567

000135: *Feb 11 19:49:32.555 UTC:      src NBMA: 10.2.0.1

000136: *Feb 11 19:49:32.555 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000137: *Feb 11 19:49:32.555 UTC:  (C-1) code: no error(0)

000138: *Feb 11 19:49:32.555 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000139: *Feb 11 19:49:32.555 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000140: *Feb 11 19:49:32.667 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000141: *Feb 11 19:49:32.667 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000142: *Feb 11 19:49:32.667 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000143: *Feb 11 19:49:32.667 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000144: *Feb 11 19:49:32.667 UTC:      pktsz: 105 extoff: 52

000145: *Feb 11 19:49:32.667 UTC:  (M) flags: "nat ", reqid: 131104

000146: *Feb 11 19:49:32.667 UTC:      src NBMA: 10.2.0.1

000147: *Feb 11 19:49:32.667 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000148: *Feb 11 19:49:32.667 UTC:  (C-1) code: no error(0)

000149: *Feb 11 19:49:32.667 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000150: *Feb 11 19:49:32.667 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000151: *Feb 11 19:49:33.087 UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000152: *Feb 11 19:49:33.087 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000153: *Feb 11 19:49:33.087 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000154: *Feb 11 19:49:33.087 UTC:      pktsz: 145 extoff: 52

000155: *Feb 11 19:49:33.087 UTC:  (M) flags: "nat ", reqid: 65567

000156: *Feb 11 19:49:33.087 UTC:      src NBMA: 10.2.0.1

000157: *Feb 11 19:49:33.087 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000158: *Feb 11 19:49:33.087 UTC:  (C-1) code: no error(0)

000159: *Feb 11 19:49:33.087 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000160: *Feb 11 19:49:33.087 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000161: *Feb 11 19:49:36.011 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000162: *Feb 11 19:49:36.011 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000163: *Feb 11 19:49:36.011 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000164: *Feb 11 19:49:36.011 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000165: *Feb 11 19:49:36.011 UTC:      pktsz: 105 ex!toff: 52

000166: *Feb 11 19:49:36.011 UTC:  (M) flags: "nat ", reqid: 131104

000167: *Feb 11 19:49:36.011 UTC:      src NBMA: 10.2.0.1

000168: *Feb 11 19:49:36.011 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000169: *Feb 11 19:49:36.011 UTC:  (C-1) code: no error(0)

000170: *Feb 11 19:49:36.011 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000171: *Feb 11 19:49:36.011 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000172: *Feb 11 19:49:43.871 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000173: *Feb 11 19:49:43.871 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000174: *Feb 11 19:49:43.871 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000175: *Feb 11 19:49:43.871 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000176: *Feb 11 19:49:43.871 UTC:      pktsz: 105 extoff: 52

000177: *Feb 11 19:49:43.871 UTC:  (M) flags: "nat ", reqid: 131104

000178: *Feb 11 19:49:43.871 UTC:      src NBMA: 10.2.0.1

000179: *Feb 11 19:49:43.871 UTC:      src protocol: 192.168.0.20, dst pro!

Success rate is 80 percent (4/5), round-trip min/avg/max = 616/1121/1876 ms

SPOKE_2#tocol: 192.168.0.2

000180: *Feb 11 19:49:43.871 UTC:  (C-1) code: no error(0)

000181: *Feb 11 19:49:43.871 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000182: *Feb 11 19:49:43.871 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000183: *Feb 11 19:49:46.527 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000184: *Feb 11 19:49:46.527 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000185: *Feb 11 19:49:46.527 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000186: *Feb 11 19:49:46.527 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000187: *Feb 11 19:49:46.527 UTC:      pktsz: 105 extoff: 52

000188: *Feb 11 19:49:46.527 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6

000189: *Feb 11 19:49:46.527 UTC:      src NBMA: 10.2.0.1

000190: *Feb 11 19:49:46.527 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000191: *Feb 11 19:49:46.527 UTC:  (C-1) code: no error(0)

000192: *Feb 11 19:49:46.527 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000193: *Feb 11 19:49:46.527 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000194: *Feb 11 19:49:48.319 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000195: *Feb 11 19:49:48.319 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000196: *Feb 11 19:49:48.319 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000197: *Feb 11 19:49:48.319 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000198: *Feb 11 19:49:48.319 UTC:      pktsz: 105 extoff: 52

000199: *Feb 11 19:49:48.319 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6

000200: *Feb 11 19:49:48.319 UTC:      src NBMA: 10.2.0.1

000201: *Feb 11 19:49:48.319 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000202: *Feb 11 19:49:48.319 UTC:  (C-1) code: no error(0)

000203: *Feb 11 19:49:48.319 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000204: *Feb 11 19:49:48.319 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000205: *Feb 11 19:49:51.935 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000206: *Feb 11 19:49:51.935 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000207: *Feb 11 19:49:51.935 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000208: *Feb 11 19:49:51.935 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000209: *Feb 11 19:49:51.935 UTC:      pktsz: 105 extoff: 52

000210: *Feb 11 19:49:51.935 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6

000211: *Feb 11 19:49:51.935 UTC:      src NBMA: 10.2.0.1

000212: *Feb 11 19:49:51.935 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000213: *Feb 11 19:49:51.935 UTC:  (C-1) code: no error(0)

000214: *Feb 11 19:49:51.935 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000215: *Feb 11 19:49:51.935 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

SPOKE_2#

000216: *Feb 11 19:49:57.667 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000217: *Feb 11 19:49:57.667 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000218: *Feb 11 19:49:57.667 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000219: *Feb 11 19:49:57.667 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000220: *Feb 11 19:49:57.667 UTC:      pktsz: 105 extoff: 52

000221: *Feb 11 19:49:57.667 UTC:  (M) flags: "nat ", reqid: 131104

000222: *Feb 11 19:49:57.667 UTC:      src NBMA: 10.2.0.1

000223: *Feb 11 19:49:57.667 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000224: *Feb 11 19:49:57.667 UTC:  (C-1) code: no error(0)un a

000225: *Feb 11 19:49:57.667 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000226: *Feb 11 19:49:57.667 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000227: *Feb 11 19:49:58.179 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000228: *Feb 11 19:49:58.179 UTC:  src: 192.168.0.20, dst: 192.168.0.10

000229: *Feb 11 19:49:58.179 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000230: *Feb 11 19:49:58.179 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000231: *Feb 11 19:49:58.179 UTC:      pktsz: 105 extoff: 52

000232: *Feb 11 19:49:58.179 UTC:  (M) flags: "router auth src-stable nat ", reqid: 6 ll

All possible debugging has been turned off

SPOKE_2#term no mon

SPOKE_2#un all

All possible debugging has been turned off

SPOKE_2#s

000233: *Feb 11 19:49:58.179 UTC:      src NBMA: 10.2.0.1

000234: *Feb 11 19:49:58.179 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.10

000235: *Feb 11 19:49:58.179 UTC:  (C-1) code: no error(0)

000236: *Feb 11 19:49:58.179 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000237: *Feb 11 19:49:58.179 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000238: *Feb 11 19:49:59.663 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000239: *Feb 11 19:49:59.663 UTC:  src: 192.168.0.20, dst: 192.168.0.1

000240: *Feb 11 19:49:59.663 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000241: *Feb 11 19:49:59.663 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000242: *Feb 11 19:49:59.663 UTC:      pktsz: 105 extoff: 52

000243: *Feb 11 19:49:59.663 UTC:  (M) flags: "nat ", reqid: 65569

000244: *Feb 11 19:49:59.663 UTC:      src NBMA: 10.2.0.1

000245: *Feb 11 19:49:59.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000246: *Feb 11 19:49:59.663 UTC:  (C-1) code: no error(0)

000247: *Feb 11 19:49:59.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000248: *Feb 11 19:49:59.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000249: *Feb 11 19:49:59.663 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000250: *Feb 11 19:49:59.663 UTC:  src: 192.168.0.20, dst: 192.168.0.2

000251: *Feb 11 19:49:59.663 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000252: *Feb 11 19:49:59.663 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000253: *Feb 11 19:49:59.663 UTC:      pktsz: 105 extoff: 52

000254: *Feb 11 19:49:59.663 UTC:  (M) flags: "nat ", reqid: 131106

000255: *Feb 11 19:49:59.663 UTC:      src NBMA: 10.2.0.1

000256: *Feb 11 19:49:59.663 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.2

000257: *Feb 11 19:49:59.663 UTC:  (C-1) code: no error(0)

000258: *Feb 11 19:49:59.663 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000259: *Feb 11 19:49:59.663 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

000260: *Feb 11 19:50:00.167h ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >

SPOKE_2# UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000261: *Feb 11 19:50:00.167 UTC:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

000262: *Feb 11 19:50:00.167 UTC:      shtl: 4(NSAP), sstl: 0(NSAP)

000263: *Feb 11 19:50:00.167 UTC:      pktsz: 145 extoff: 52

000264: *Feb 11 19:50:00.167 UTC:  (M) flags: "nat ", reqid: 65569

000265: *Feb 11 19:50:00.167 UTC:      src NBMA: 10.2.0.1

000266: *Feb 11 19:50:00.167 UTC:      src protocol: 192.168.0.20, dst protocol: 192.168.0.1

000267: *Feb 11 19:50:00.167 UTC:  (C-1) code: no error(0)

000268: *Feb 11 19:50:00.167 UTC:        prefix: 32, mtu: 17854, hd_time: 30

000269: *Feb 11 19:50:00.167 UTC:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

SPOKE_2#un all

All possible debugging has been turned off

SPOKE_2#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >

SPOKE_2#

SPOKE_2#

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Извиняюсь, просто debug nhrp.  Сначала включаете его, дальше clear, потом ping. Чтобы не загромождать тему - найдите, с какого хаба берется 141.101.243.16, и выполните то же на хабе вместе с show ip nhrp.  Ну и все-таки откуда взялся 83.220.224.218 из дебагов выше?

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Сделал, что странно:

sh ip nhrp br на SPOKE_1 говорит, что SPOKE_2 - Attrb = DN (Dynamic, NATed, хотя ip внешний)

ip: 141.101.243.16 - это HUB_1

ip: 141.101.243.17 - это HUB_2

Кто такой ip: 83.220.224.218  - загадка...

SPOKE_2:

SPOKE_2#clear ip nhrp

000062: *Feb 12 06:01:00.135 UTC: NHRP: Process delayed resolution request src:192.168.0.10 dst:192.168.0.20

000063: *Feb 12 06:01:00.135 UTC: NHRP: nhrp_rtlookup for destination on 192.168.0.20 yielded interface Tunnel1, prefixlen 22

000064: *Feb 12 06:01:00.135 UTC: NHRP-ATTR: smart spoke feature and attributes are not configured,

000065: *Feb 12 06:01:00.135 UTC: NHRP-ATTR: In nhrp_process_recv_resolution_request eem_decision : TRUE, time : 0, LINE: 6995

000066: *Feb 12 06:01:00.135 UTC: NHRP: This is a forwarded packet

000067: *Feb 12 06:01:00.135 UTC: NHRP: nhrp_rtlookup on 192.168.0.20 yielded interface Tunnel1, prefixlen 22

000068: *Feb 12 06:01:00.135 UTC: NHRP: Request was to us, responding with ouraddress

000069: *Feb 12 06:01:00.135 UTC: NHRP: Checking for delayed event 192.168.0.10/192.168.0.20 on list (Tunnel1).

000070: *Feb 12 06:01:00.135 UTC: NHRP: No node found.

000071: *Feb 12 06:01:00.135 UTC: NHRP: >>> nhrp_need_to_delay: ENQUEUED Delaying resolution request nbma src:10.2.0.1 nbma dst:83.220.2                                                                                                     24.173 reason:IPSEC-IFC: need to wait for IPsec SAs.

000072: *Feb 12 06:01:00.135 UTC: NHRP-ATTR: In nhrp_cache_pak LINE: 1405

SPOKE_2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

000073: *Feb 12 06:01:07.619 UTC: NHRP: NHRP could not map 192.168.0.10 to NBMA, cache entry not found

000074: *Feb 12 06:01:07.619 UTC: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 1

000075: *Feb 12 06:01:07.619 UTC: NHRP: Sending packet to NHS 192.168.0.1 on Tunnel1

000076: *Feb 12 06:01:07.619 UTC: NHRP: Checking for delayed event NULL/192.168.0.10 on list (Tunnel1).

000077: *Feb 12 06:01:07.619 UTC: NHRP: No node found.

000078: *Feb 12 06:01:07.623 UTC: NHRP: Adding Tunnel Endpoints (VPN: 192.168.0.10, NBMA: 141.101.243.16)

000079: *Feb 12 06:01:07.623 UTC: NHRP: NHRP subblock already exists for Tunnel Endpoints (VPN: 192.168.0.10, NBMA: 141.101.243.16)

000080: *Feb 12 06:01:07.623 UTC: NHRP: Enqueued NHRP Resolution Request for destination: 192.168.0.10

000081: *Feb 12 06:01:07.635 UTC: NHRP: Checking for delayed event NULL/192.168.0.10 on list (Tunnel1).

000082: *Feb 12 06:01:07.635 UTC: NHRP: No node found.

000083: *Feb 12 06:01:07.635 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000084: *Feb 12 06:01:07.635 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.10 to nexthop: 192.168.0.10 using our src: 1                                                                                                     92.168.0.20

000085: *Feb 12 06:01:07.635 UTC: NHRP: Attempting to send packet via DEST 192.168.0.10

000086: *Feb 12 06:01:07.635 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

000087: *Feb 12 06:01:07.635 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000088: *Feb 12 06:01:07.635 UTC:       src: 192.168.0.20, dst: 192.168.0.10

000089: *Feb 12 06:01:07.635 UTC: NHRP: 133 bytes out Tunnel1 .

000090: *Feb 12 06:01:09.539 UTC: NHRP: Checking for delayed event NULL/192.168.0.10 on list (Tunnel1).

000091: *Feb 12 06:01:09.539 UTC: NHRP: No node found.

000092: *Feb 12 06:01:09.539 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000093: *Feb 12 06:01:09.539 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.10 to nexthop: 192.168.0.10 using our src: 1                                                                                                     92.168.0.20

000094: *Feb 12 06:01:09.539 UTC: NHRP: Attempting to send packet via DEST 192.168.0.10

000095: *Feb 12 06:01:09.539 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

000096: *Feb 12 06:01:09.539 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000097: *Feb 12 06:01:09.539 UTC:       src: 192.168.0.20, dst: 192.168.0.10

000098: *Feb 12 06:01:09.539 UTC: NHRP: 133 bytes out Tunnel1 .

000099: *Feb 12 06:01:11.767 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000100: *Feb 12 06:01:11.767 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

000101: *Feb 12 06:01:11.767 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

000102: *Feb 12 06:01:11.767 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000103: *Feb 12 06:01:11.767 UTC:       src: 192.168.0.20, dst: 192.168.0.1

000104: *Feb 12 06:01:11.767 UTC: NHRP: 133 bytes out Tunnel1

000105: *Feb 12 06:01:11.767 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000106: *Feb 12 06:01:11.767 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

000107: *Feb 12 06:01:11.767 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

000108: *Feb 12 06:01:11.767 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000109: *Feb 12 06:01:11.767 UTC:       src: 192.168.0.20, dst: 192.168.0.2

000110: *Feb 12 06:01:11.767 UTC: NHRP: 133 bytes out Tunnel1

000111: *Feb 12 06:01:12.523 UTC: NHRP: Setting retrans delay to 2 for nhs  dst 192.168.0.2

000112: *Feb 12 06:01:12.523 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000113: *Feb 12 06:01:12.523 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

000114: *Feb 12 06:01:12.523 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

000115: *Feb 12 06:01:12.523 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000116: *Feb 12 06:01.:12.523 UTC:       src: 192.168.0.20, dst: 192.168.0.2

000117: *Feb 12 06:01:12.523 UTC: NHRP: 133 bytes out Tunnel1

000118: *Feb 12 06:01:12.551 UTC: NHRP: Setting retrans delay to 2 for nhs  dst 192.168.0.1

000119: *Feb 12 06:01:12.551 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000120: *Feb 12 06:01:12.551 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

000121: *Feb 12 06:01:12.551 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

000122: *Feb 12 06:01:12.551 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

000123: *Feb 12 06:01:12.551 UTC:       src: 192.168.0.20, dst: 192.168.0.1

000124: *Feb 12 06:01:12.551 UTC: NHRP: 133 bytes out Tunnel1

000125: *Feb 12 06:01:12.571 UTC: NHRP: Checking for delayed event NULL/192.168.0.10 on list (Tunnel1).

000126: *Feb 12 06:01:12.571 UTC: NHRP: No node found.

000127: *Feb 12 06:01:12.571 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000128: *Feb 12 06:01:12.571 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.10 to nexthop: 192.168.0.10 using our src: 1                                                                                                     92.168.0.20

000129: *Feb 12 06:01:12.571 UTC: NHRP: Attempting to send packet via DEST 192.168.0.10

000130: *Feb 12 06:01:12.571 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

000131: *Feb 12 06:01:12.571 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000132: *Feb 12 06:01:12.571 UTC:       src: 192.168.0.20, dst: 192.168.0.10

000133: *Feb 12 06:01:12.571 UTC: NHRP: 133 bytes out Tunnel1

000134: *Feb 12 06:01:12.823 UTC: NHRP-ATTR: ext_type: 32771, ext_len : 20

000135:. *Feb 12 06:01:12.823 UTC: NHRP-ATTR: ext_type: 32772, ext_len : 0

000136: *Feb 12 06:01:12.823 UTC: NHRP-ATTR: ext_type: 32773, ext_len : 0

000137: *Feb 12 06:01:12.823 UTC: NHRP-ATTR: ext_type: 32775, ext_len : 9

000138: *Feb 12 06:01:12.823 UTC: NHRP-ATTR: ext_type: 9, ext_len : 40

000139: *Feb 12 06:01:12.823 UTC: NHRP-ATTR: ext_type: 32768, ext_len : 0

000140: *Feb 12 06:01:12.823 UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000141: *Feb 12 06:01:12.823 UTC: NHRP: netid_in = 0, to_us = 1

000142: *Feb 12 06:01:12.959 UTC: NHRP-ATTR: ext_type: 32771, ext_len : 20

000143: *Feb 12 06:01:12.959 UTC: NHRP-ATTR: ext_type: 32772, ext_len : 0

000144: *Feb 12 06:01:12.959 UTC: NHRP-ATTR: ext_type: 32773, ext_len : 0

000145: *Feb 12 06:01:12.959 UTC: NHRP-ATTR: ext_type: 32775, ext_len : 9

000146: *Feb 12 06:01:12.959 UTC: NHRP-ATTR: ext_type: 9, ext_len : 40

000147: *Feb 12 06:01:12.959 UTC: NHRP-ATTR: ext_type: 32768, ext_len : 0

000148: *Feb 12 06:01:12.959 UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000149: *Feb 12 06:01:12.959 UTC: NHRP: netid_in = 0, to_us = 1

000150: *Feb 12 06:01:13.799 UTC: NHRP-ATTR: ext_type: 32771, ext_len : 20

000151: *Feb 12 06:01:13.799 UTC: NHRP-ATTR: ext_type: 32772, ext_len : 0

000152: *Feb 12 06:01:13.799 UTC: NHRP-ATTR: ext_type: 32773, ext_len : 0

000153: *Feb 12 06:01:13.799 UTC: NHRP-ATTR: ext_type: 32775, ext_len : 9

000154: *Feb 12 06:01:13.799 UTC: NHRP-ATTR: ext_type: 9, ext_len : 40

000155: *Feb 12 06:01:13.799 UTC: NHRP-ATTR: ext_type: 32768, ext_len : 0

000156: *Feb 12 06:01:13.799 UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet .

Success rate is 0 percent (0/5)

SPOKE_2#size: 145

000157: *Feb 12 06:01:13.803 UTC: NHRP: netid_in = 0, to_us = 1

000158: *Feb 12 06:01:13.903 UTC: NHRP-ATTR: ext_type: 32771, ext_len : 20

000159: *Feb 12 06:01:13.903 UTC: NHRP-ATTR: ext_type: 32772, ext_len : 0

000160: *Feb 12 06:01:13.903 UTC: NHRP-ATTR: ext_type: 32773, ext_len : 0

000161: *Feb 12 06:01:13.903 UTC: NHRP-ATTR: ext_type: 32775, ext_len : 9

000162: *Feb 12 06:01:13.903 UTC: NHRP-ATTR: ext_type: 9, ext_len : 40

000163: *Feb 12 06:01:13.903 UTC: NHRP-ATTR: ext_type: 32768, ext_len : 0

000164: *Feb 12 06:01:13.903 UTC: NHRP: Receive Registration Reply via Tunnel1 vrf 0, packet size: 145

000165: *Feb 12 06:01:13.903 UTC: NHRP: netid_in = 0, to_us = 1

000166: *Feb 12 06:01:18.939 UTC: NHRP: Checking for delayed event NULL/192.168.0.10 on list (Tunnel1).

000167: *Feb 12 06:01:18.939 UTC: NHRP: No node found.

000168: *Feb 12 06:01:18.939 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

000169: *Feb 12 06:01:18.939 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.10 to nexthop: 192.168.0.10 using our src: 1                                                                                                     92.168.0.20

000170: *Feb 12 06:01:18.939 UTC: NHRP: Attempting to send packet via DEST 192.168.0.10

000171: *Feb 12 06:01:18.939 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

SPOKE_2#

000172: *Feb 12 06:01:18.939 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 105

000173: *Feb 12 06:01:18.939 UTC:       src: 192.168.0.20, dst: 192.168.0.10

000174: *Feb 12 06:01:18.939 UTC: NHRP: 133 bytes out Tunnel1 sgh ip

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.10/32      192.168.0.10    141.101.243.16  dynamic  Tu1     <   >

####

SPOKE_1

001753: *Feb 12 06:14:35.721 UTC: NHRP: Calling for delete of Tunnel Endpoints (VPN: 192.168.0.20, NBMA: 141.101.243.17)

001754: *Feb 12 06:14:35.721 UTC: NHRP: Cleanup up 0 stale cache entries

001755: *Feb 12 06:14:35.721 UTC: NHRP: Deleting delayed event for NBMA 141.101.243.17 on list (Tunnel1).2.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.0.1, timeout is 2 seconds:

001756: *Feb 12 06:14:38.257 UTC: NHRP: NHRP could not map 192.168.0.20 to NBMA, cache entry not found

001757: *Feb 12 06:14:38.257 UTC: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 1

001758: *Feb 12 06:14:38.257 UTC: NHRP: Sending packet to NHS 192.168.0.1 on Tunnel1

001759: *Feb 12 06:14:38.257 UTC: NHRP: Checking for delayed event NULL/192.168.0.20 on list (Tunnel1).

001760: *Feb 12 06:14:38.257 UTC: NHRP: No node found.

001761: *Feb 12 06:14:38.257 UTC: NHRP: Adding Tunnel Endpoints (VPN: 192.168.0.20, NBMA: 141.101.243.16)

001762: *Feb 12 06:14:38.257 UTC: NHRP: Successfully attached NHRP subblock for Tunnel Endpoints (VPN: 192.168.0.20, NBMA: 141.101.243.1                                                                                                     6)

001763: *Feb 12 06:14:38.257 UTC: NHRP: Enqueued NHRP Resolution Request for destination: 192.168.0.20

001764: *Feb 12 06:14:38.269 UTC: NHRP: Checking for delayed event NULL/192.168.0.20 on list (Tunnel1).

001765: *Feb 12 06:14:38.269 UTC: NHRP: No node found.

001766: *Feb 12 06:14:38.269 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 33

001767: *Feb 12 06:14:38.269 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.20 to nexthop: 192.168.0.20 using our src: 1                                                                                                     92.168.0.10

001768: *Feb 12 06:14:38.269 UTC: NHRP: Attempting to send packet via DEST 192.168.0.20

001769: *Feb 12 06:14:38.269 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001770: *Feb 12 06:14:38.269 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 85

001771: *Feb 12 06:14:38.269 UTC:       src: 192.168.0.10, dst: 192.168.0.20

001772: *Feb 12 06:14:38.269 UTC: NHRP: 113 bytes out Tunnel1 .

001773: *Feb 12 06:14:39.961 UTC: NHRP: Checking for delayed event NULL/192.168.0.20 on list (Tunnel1).

001774: *Feb 12 06:14:39.961 UTC: NHRP: No node found.

001775: *Feb 12 06:14:39.961 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 33

001776: *Feb 12 06:14:39.961 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.20 to nexthop: 192.168.0.20 using our src: 1                                                                                                     92.168.0.10

001777: *Feb 12 06:14:39.961 UTC: NHRP: Attempting to send packet via DEST 192.168.0.20

001778: *Feb 12 06:14:39.961 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001779: *Feb 12 06:14:39.961 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 85

001780: *Feb 12 06:14:39.961 UTC:       src: 192.168.0.10, dst: 192.168.0.20

001781: *Feb 12 06:14:39.961 UTC: NHRP: 113 bytes out Tunnel1 ..

001782: *Feb 12 06:14:43.797 UTC: NHRP: Checking for delayed event NULL/192.168.0.20 on list (Tunnel1).

001783: *Feb 12 06:14:43.797 UTC: NHRP: No node found.

001784: *Feb 12 06:14:43.797 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 33

001785: *Feb 12 06:14:43.797 UTC: NHRP: Sending NHRP Resolution Request for dest: 192.168.0.20 to nexthop: 192.168.0.20 using our src: 1                                                                                                     92.168.0.10

001786: *Feb 12 06:14:43.797 UTC: NHRP: Attempting to send packet via DEST 192.168.0.20

001787: *Feb 12 06:14:43.797 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001788: *Feb 12 06:14:43.797 UTC: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 85

001789: *Feb 12 06:14:43.797 UTC:       src: 192.168.0.10, dst: 192.168.0.20

001790: *Feb 12 06:14:43.797 UTC: NHRP: 113 bytes out Tunnel1 ..

Success rate is 0 percent (0/5)

SPOKE_1#

001791: *Feb 12 06:14:49.533 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001792: *Feb 12 06:14:49.533 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

001793: *Feb 12 06:14:49.533 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001794: *Feb 12 06:14:49.533 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001795: *Feb 12 06:14:49.533 UTC:       src: 192.168.0.10, dst: 192.168.0.1

001796: *Feb 12 06:14:49.533 UTC: NHRP: 133 bytes out Tunnel1

001797: *Feb 12 06:14:49.533 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001798: *Feb 12 06:14:49.533 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

001799: *Feb 12 06:14:49.533 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

001800: *Feb 12 06:14:49.533 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001801: *Feb 12 06:14:49.533 UTC:       src: 192.168.0.10, dst: 192.168.0.2

001802: *Feb 12 06:14:49.533 UTC: NHRP: 133 bytes out Tunnel1

001803: *Feb 12 06:14:50.377 UTC: NHRP: Setting retrans delay to 2 for nhs  dst 192.168.0.2

001804: *Feb 12 06:14:50.377 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001805: *Feb 12 06:14:50.377 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

001806: *Feb 12 06:14:50.377 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

001807: *Feb 12 06:14:50.377 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001808: *Feb 12 06:14:50.377 UTC:       src: 192.168.0.10, dst: 192.168.0.2

001809: *Feb 12 06:14:50.377 UTC: NHRP: 133 bytes out Tunnel1

001810: *Feb 12 06:14:50.397 UTC: NHRP: Setting retrans delay to 2 for nhs  dst 192.168.0.1

001811: *Feb 12 06:14:50.397 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001812: *Feb 12 06:14:50.397 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

001813: *Feb 12 06:14:50.397 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001814: *Feb 12 06:14:50.397 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001815: *Feb 12 06:14:50.397 UTC:       src: 192.168.0.10, dst: 192.168.0.1

001816: *Feb 12 06:14:50.397 UTC: NHRP: 133 bytes out Tunnel1

001817: *Feb 12 06:14:50.789 UTC: NHRP: Setting cache expiry for 141.101.243.16 to 1 milliseconds in cache

001818: *Feb 12 06:14:50.789 UTC: NHRP: NHS-DOWN: 192.168.0.1

001819: *Feb 12 06:14:50.789 UTC: NHRP: Calling for delete of Tunnel Endpoints (VPN: 192.168.0.20, NBMA: 141.101.243.16)

001820: *Feb 12 06:14:50.789 UTC: NHRP: Cleanup up 0 stale cache entries

001821: *Feb 12 06:14:50.789 UTC: NHRP: Deleting delayed event for NBMA 141.101.243.16 on list (Tunnel1).

001822: *Feb 12 06:14:50.789 UTC: NHRP: Resetting retransmit for NHS: 192.168.0.1

001823: *Feb 12 06:14:50.789 UTC: NHRP: NHS 192.168.0.1 Tunnel1 vrf 0 Cluster 0 Priority 0 Transitioned to 'E' from 'RE'

001824: *Feb 12 06:14:50.793 UTC: NHRP: Setting retrans delay to 1 for nhs  dst 192.168.0.1

001825: *Feb 12 06:14:50.793 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001826: *Feb 12 06:14:50.793 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

001827: *Feb 12 06:14:50.793 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001828: *Feb 12 06:14:50.793 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001829: *Feb 12 06:14:50.793 UTC:       src: 192.168.0.10, dst: 192.168.0.1

001830: *Feb 12 06:14:50.793 UTC: NHRP: 133 bytes out Tunnel1

001831: *Feb 12 06:14:51.625 UTC: NHRP: Setting retrans delay to 2 for nhs  dst 192.168.0.1

001832: *Feb 12 06:14:51.625 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001833: *Feb 12 06:14:51.625 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

001834: *Feb 12 06:14:51.625 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001835: *Feb 12 06:14:51.625 UTC: NHRP: Send Registration Request via

SPOKE_1#un alTunnel1 vrf 0, packet size: 105

001836: *Feb 12 06:14:51.625 UTC:       src: 192.168.0.10, dst: 192.168.0.1

001837: *Feb 12 06:14:51.625 UTC: NHRP: 133 bytes out Tunnel1

001838: *Feb 12 06:14:51.689 UTC: NHRP: Setting cache expiry for 141.101.243.17 to 1 milliseconds in cache

001839: *Feb 12 06:14:51.689 UTC: NHRP: NHS-DOWN: 192.168.0.2

001840: *Feb 12 06:14:51.689 UTC: NHRP: Resetting retransmit for NHS: 192.168.0.2

001841: *Feb 12 06:14:51.689 UTC: NHRP: NHS 192.168.0.2 Tunnel1 vrf 0 Cluster 0 Priority 0 Transitioned to 'E' from 'RE'

001842: *Feb 12 06:14:51.693 UTC: NHRP: Setting retrans delay to 1 for nhs  dst 192.168.0.2

001843: *Feb 12 06:14:51.693 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001844: *Feb 12 06:14:51.693 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

001845: *Feb 12 06:14l

All possible debugging has been turned off

SPOKE_1#term no :51.693 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

001846: *Feb 12 06:14:51.693 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001847: *Feb 12 06:14:51.693 UTC:       src: 192.168.0.10, dst: 192.168.0.2

001848: *Feb 12 06:14:51.693 UTC: NHRP: 133 bytes out Tunnel1

001849: *Feb 12 06:14:52.605 UTC: NHRP: Setting retrans delay to 2 for nhs  dst 192.168.0.2

001850: *Feb 12 06:14:52.605 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001851: *Feb 12 06:14:52.605 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

001852: *Feb 12 06:14:52.605 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

001853: *Feb 12 06:14:52.605 UTC: NHRmon

SPOKE_1#un P: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001854: *Feb 12 06:14:52.605 UTC:       src: 192.168.0.10, dst: 192.168.0.2

001855: *Feb 12 06:14:52.605 UTC: NHRP: 133 bytes out Tunnel1

001856: *Feb 12 06:14:53.601 UTC: NHRP: Setting retrans delay to 4 for nhs  dst 192.168.0.1

001857: *Feb 12 06:14:53.601 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001858: *Feb 12 06:14:53.601 UTC: NHRP: Attempting to send packet via DEST 192.168.0.1

001859: *Feb 12 06:14:53.601 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.16

001860: *Feb 12 06:14:53.601 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001861: *Feb 12 06:14:53.601 UTC:       src: 192.168.0.10, dst: 192.168.0.1

001862: *Feb 12 06:14:53.601 UTC: NHRP: 133 ball

All possible debugging has been turned off

SPOKE_1#term nytes out Tunnel1

001863: *Feb 12 06:14:54.385 UTC: NHRP: Setting retrans delay to 4 for nhs  dst 192.168.0.2

001864: *Feb 12 06:14:54.385 UTC: NHRP-ATTR:  Requester Ext Len: Total ext_len  with NHRP attribute VPE 53

001865: *Feb 12 06:14:54.385 UTC: NHRP: Attempting to send packet via DEST 192.168.0.2

001866: *Feb 12 06:14:54.385 UTC: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 141.101.243.17

001867: *Feb 12 06:14:54.385 UTC: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105

001868: *Feb 12 06:14:54.385 UTC:       src: 192.168.0.10, dst: 192.168.0.2

001869: *Feb 12 06:14:54.385 UTC: NHRP: 133 bytes out Tunnel1 o mon

SPOKE_1#sh ip nhrp br

   Target             Via            NBMA           Mode   Intfc   Claimed

192.168.0.1/32       192.168.0.1     141.101.243.16  static   Tu1     <   >

192.168.0.2/32       192.168.0.2     141.101.243.17  static   Tu1     <   >

192.168.0.20/32      192.168.0.20    141.101.243.16  dynamic  Tu1     <   >

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Я забыл на споках указать :

ip nhrp map multicast dynamic

100 раз вроде всё проверил...

Всё равно на споках sh ip nhrp br совсем другой чем на HUB1/2.

##

002620: *Feb 12 09:39:00.260 UTC: NHRP: NHRP could not map 192.168.0.20 to NBMA, cache entry not found

002621: *Feb 12 09:39:00.260 UTC: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 1

002622: *Feb 12 09:39:00.260 UTC: NHRP: Sending packet to NHS 192.168.0.1 on Tunnel1

002623: *Feb 12 09:39:00.260 UTC: NHRP: Checking for delayed event NULL/192.168.0.20 on list (Tunnel1).

002624: *Feb 12 09:39:00.260 UTC: NHRP: No node found.

002625: *Feb 12 09:39:00.260 UTC: NHRP: Adding Tunnel Endpoints (VPN: 192.168.0.20, NBMA: 141.101.243.16)

Туннельные ip между SPOKE1 -> SPOKE2 не доступны..

ip 83.220.224.218 -


JSC "VimpelCom"

GPRS in regions

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Хорошо бы еще сделать ip nhrp redirect на хабах и ip nhrp shortcut на споках...

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

А смысл мне DMVPN Phase3 включать ?

Мне бы хотя-бы завести нормально Phase2..вообщем плюнул и сделал Phase1.

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

У Phase 3 изменена логика работы NHRP, убраны многие ограничения.

Вам ведь надо просто поднять spoke-to-spoke туннели, а не просто принципиально завести именно phase 2? Или у вас там споков куда больше, чем два?

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Споков прям сейчас ~ 100 будет ~ 300/400.

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Так spoke-to-spoke не работает у всех, или только у этих двоих между собой? Пинг между их внешними адресами работает стабильно?

New Member

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

У меня их пока всего две штуки в тесте, а в продуктиве ~ 100 Site-to-Site VPN + будет ~150.

В итоге я забил, сделал Phase1 и ладно.

Re: Не работает DMVPN Phase2 (spoke-to-spoke)

Все-таки попробуйте сразу phase 3 (на всякий случай - во внерабочее время и т.д.). То, что phase 2 не работает как надо, ни о чем не говорит вообще. Они просто очень разные. Проблема с phase 2 либо в том, что мы какую-то мелочь упускаем, либо в баге, который не обязан воспроизвестись в phase 3. Да и для 300/400 споков он поприятнее будет.

dmvpn.PNG

475
Просмотры
0
Полезный материал
18
Ответы