I hope someone has a few ideas here. I have configured DMVPN with EzVPN running EIGRP as the routing protocol running via the created tunnel.
This works as expected when the routers at either end of the tunnels do not pass through an ASA firewall.
As soon as I introduce the firewall between DMVPN peers with the appropriate rules to allow GRE, UDP 500 and ESP, it works, but the EIGRP peering only stays up for 1 min 20 sec. It then bounces and continues to do this, so EIGRP never really converges.
"%DUAL-5-NBRCHANGE: IPX-EIGRP 2047: Neighbor x.y (Serial1/1/0.1) is down:Retry limit exceeded" --- reason for this error is - The local router sent an update, query, or reply, but did not receive an acknowledgment. Check Layer 1 (L1) and Layer 2 (L2) connectivity
"%DUAL-5-NBRCHANGE: IPX-EIGRP 2047: Neighbor x.y (Serial1/1/0.4) is up: new adjacency" --- reason for this error is --- A hello has been received from an adjoining router, and the router is viewing this neighbor as brand new, although it may have known about it previously.
Refer to the following link for more information on the error messages:
smahbub, this query was resolved on another forum (GroupStudy). The nhs server command was entered using the 'public' IP address, instead of the private IP address (tunnel interface of the hub). This causes EIGRP to flap.
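The misconfiguration named in the resolution above can be caught before deployment. The following check is an added example, not part of the original thread: it parses a spoke tunnel configuration and flags any `ip nhrp nhs` address that falls outside the tunnel interface's own subnet. The sample configuration and its addresses (10.0.0.0/24 for the tunnel, 192.0.2.1 for the hub's public address) are constructed for illustration, and `check_nhs` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed spoke config (not from the thread): 10.0.0.1 is the hub's tunnel
# address, 192.0.2.1 stands in for the hub's public (NBMA) address.
BAD_SPOKE = """\
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map 10.0.0.1 192.0.2.1
 ip nhrp nhs 192.0.2.1
 tunnel mode gre multipoint
!
"""
GOOD_SPOKE = BAD_SPOKE.replace("ip nhrp nhs 192.0.2.1", "ip nhrp nhs 10.0.0.1")

IP = r"(\d+\.\d+\.\d+\.\d+)"


def check_nhs(config):
    """Return (interface, nhs_address, problem) for each NHS outside the tunnel subnet."""
    tunnels, cur = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line ends the interface block
            m = re.match(r"interface (\S+)", line)
            cur = tunnels.setdefault(m[1], {"net": None, "nhs": [], "nbma": set()}) if m else None
            continue
        if cur is None:
            continue
        text = line.strip()
        if m := re.match(rf"ip address {IP} {IP}", text):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(rf"ip nhrp nhs {IP}", text):
            cur["nhs"].append(ipaddress.ip_address(m[1]))
        elif m := re.match(rf"ip nhrp map {IP} {IP}", text):
            cur["nbma"].add(ipaddress.ip_address(m[2]))  # second address is the NBMA side

    findings = []
    for name, t in tunnels.items():
        for nhs in t["nhs"]:
            if t["net"] is not None and nhs not in t["net"]:
                hint = " (it is the NBMA address of an nhrp map entry)" if nhs in t["nbma"] else ""
                findings.append((name, str(nhs), f"not in tunnel subnet {t['net']}{hint}"))
    return findings


if __name__ == "__main__":
    print(check_nhs(BAD_SPOKE))
```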