I have some past experience with point to point GRE tunnels (100+ locations with a single hub). This is my first time with DMVPN and Im having some odd issues.
2 Hub locations (3825's)
6-12mbps (can be scaled up if needed)
114 Remote locations (2801's)
768kbps SDSL or full T1 per site
All sites on the AT&T backbone.
Tunnels are up and running from the remote sites to the main hubs in a lab environment. The problems are as follows:
1. While each remote router will connect to both hubs, it will only keep a security association with 1 router. The tunnels continue to work and the dynamic tunnels come up and down as needed for site to site communications, but its very odd for not to see SA's. Is this normal? If so, thats fine but I would like to make sure I'm not missing something.
2. What would be the best way to connect the 2 disparate hubs? I can drop in a 2801 and bring up a point to point GRE tunnel but I would prefer to have that for failover and run the main connection off the 3825's.
I have attached (scrubbed) configs. The remote1 config would be for an SDSL site.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...