!
!
!
interface Tunnel0
 bandwidth 16384
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication 1p2@3s4s
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 600
 ip policy route-map VPN-INTERNET
 delay 1000
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile vpnprof
!
interface GigabitEthernet0/0
 description Connected to AGI_DC_CS2 port gi2/42
 ip address x.x.x.26 255.255.255.248
 duplex full
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.10.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
router eigrp 1
 redistribute static
 network 10.0.0.0 0.0.0.255
 network 192.168.10.3 0.0.0.0
 network 192.168.0.0 0.0.255.255
 no auto-summary
!
ip forward-protocol nd
no ip route static inter-vrf
ip route 0.0.0.0 0.0.0.0 18.104.22.168
ip route 172.17.0.0 255.255.0.0 192.168.10.1
ip route 172.31.0.0 255.255.0.0 192.168.10.1
ip route 192.168.2.0 255.255.255.0 192.168.10.1
ip route 192.168.5.0 255.255.255.0 192.168.10.1
ip route 192.168.32.0 255.255.255.0 192.168.10.1
ip route 192.168.33.0 255.255.255.0 192.168.10.1
ip http server
no ip http secure-server
!
ip flow-export version 5
ip flow-export destination 172.31.0.110 2048
!
ip dns server
!
access-list 10 permit 192.168.33.91
access-list 10 permit 192.168.33.90
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
route-map VPN-INTERNET permit 10
 match ip address 100
 set ip next-hop 192.168.10.1
!
!
snmp-server group readonly v3 auth match exact read readview
snmp-server view readview iso included
!
control-plane
!
From work I can connect to the hub and the spoke. The only addresses I can connect to the spoke with are its tunnel address, the local subnet and the loopback, and no others. There are connected devices, but they are not accessible from the HUB or the spoke.
If I try to traceroute or ping a connected device from the SPOKE (src = subnet or LB) it fails. However, a user connected to the spoke site can ping and traceroute the local subnet i/f or the spoke LB addr. One-way connectivity? Is traffic not leaving, or is there no known return path?
I need to run EIGRP so that the spokes can see the HUB devices and potentially talk spoke to spoke
The GRE tunnels are up
EIGRP is passing updates; the routing tables look fine
I was testing to see if the spoke can get to Google
Its IP address is used as I have no DNS enabled
Google can be reached from the HUB, but not the spoke
All spoke traffic must use the tunnel and NOT the local WAN interface, i.e. I do not want any Internet-destined traffic to connect to the Internet directly. It needs to go to the HUB first.
The HUB will forward all traffic it has not learned about from EIGRP directly to the WAN interface (which goes to the Internet). All learned traffic is either local or at one of the spokes.
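The following is an added example, not part of the original post or its author's code: a small Python model of how `ip policy route-map VPN-INTERNET` on the hub's Tunnel0 classifies packets arriving from the spokes. It only models the source match of ACL 100 and the `set ip next-hop` action; the config lines are copied from the post and the sample source addresses are constructed.

```python
import ipaddress

# Lines copied from the hub configuration in the post.
HUB_CONFIG = """\
access-list 10 permit 192.168.33.91
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
route-map VPN-INTERNET permit 10
 match ip address 100
 set ip next-hop 192.168.10.1
"""

def parse_policy(config):
    """Collect 'permit ip <src> <wildcard> any' ACL entries and route-map clauses."""
    acls, clauses, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"] and tok[-1] == "any":
            base = int(ipaddress.IPv4Address(tok[4]))
            wild = int(ipaddress.IPv4Address(tok[5]))
            acls.setdefault(tok[1], []).append((base, wild))
        elif tok[:1] == ["route-map"] and tok[2:3] == ["permit"]:
            current = {"acl": None, "next_hop": None}
            clauses.append(current)
        elif tok[:3] == ["match", "ip", "address"] and current is not None:
            current["acl"] = tok[3]
        elif tok[:3] == ["set", "ip", "next-hop"] and current is not None:
            current["next_hop"] = tok[3]
    return acls, clauses

def acl_permits(entries, src):
    """Wildcard bits set to 1 are 'don't care'; all other bits must equal the base."""
    s = int(ipaddress.IPv4Address(src))
    return any(((s ^ base) & ~wild & 0xFFFFFFFF) == 0 for base, wild in entries)

def policy_next_hop(config, src):
    """Next hop forced by policy routing for src, or None (normal routing table applies)."""
    acls, clauses = parse_policy(config)
    for clause in clauses:
        if clause["acl"] and acl_permits(acls.get(clause["acl"], []), src):
            return clause["next_hop"]
    return None

if __name__ == "__main__":
    # Constructed sources: a 192.168.x.x LAN host, a tunnel-subnet address, a 172.17.x.x host.
    for src in ("192.168.40.25", "10.0.0.2", "172.17.1.1"):
        print(src, "->", policy_next_hop(HUB_CONFIG, src) or "routing table (no policy match)")
```

Packets that match no route-map clause are forwarded by the ordinary routing table, which on this hub includes the static default route.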