Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

DMVPN Problem. Full Mesh - Single Hub

Situation. 1 Hub, 2 Spokes (currently)

OSPF. Tunnels up. Routes showing ok.

All routers 1811. IOS 12.4 Adv IP Services.

All sites can ping all tunnel interfaces w/o issue.

LAN Traffic issues as follows:

Hub can ping spoke 1 node, but not spoke 2 node, trace shows traffic stopping at spoke 2 tunnel interface.

Spoke1 can get to HUBLAN, but now SPOKE2LAN. Trace shows Traffic gets to Spoke2 Tunnel Interface

Spoke2 can get to HUBLAN -AND- Spoke1LAN without any issue.

Checked NAT to ensure that SourceLAN-DestLAN is EXCLUDED for all site LANs (ie.: spoke1LAN-HUBLAN and spoke1LAN-Spoke2LAN at spoke1, etc)

If Spoke2 can get to both Hub and Spoke1, I can't figure out why neither the Hub, nor Spoke1 can get to it.

Its gotta be an ACL issue, I'm sure, but I don't see it.

ACLs at Spoke2:

ip access-list extended ACL-vlan1-out

remark Defines what traffic is allowed to leave the local LAN

remark Limits traffic to that coming from the assigned IP Range

permit icmp any echo log-input

permit icmp any echo-reply log-input

permit icmp any traceroute

permit ip any log-input

deny ip any any

ip access-list extended NAT-LIST

deny ip

deny ip

permit ip any


interface Vlan1

description LEGACY LAN

ip address

ip access-group ACL-Vlan1-Out in

ip nat inside

ip virtual-reassembly



interface Tunnel0

bandwidth 1000

ip address

no ip redirects

ip mtu 1400

ip nhrp authentication NHRP_KEY

ip nhrp map multicast

ip nhrp map

ip nhrp network-id 100000

ip nhrp holdtime 300

ip nhrp nhs

ip nhrp cache non-authoritative

ip ospf network broadcast

ip ospf priority 0

delay 1000

tunnel source FastEthernet0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile vpnprof


New Member

Re: DMVPN Problem. Full Mesh - Single Hub

belay my last. issue appears to be LAN related at the spoke2 site. For some odd reason client gateways are mysteriously changing.

CreatePlease to create content