Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DMVPN problem

HUB tunnnel:

bandwidth 16000

ip address 10.0.6.9 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication xxx

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 600

ip tcp adjust-mss 1360

delay 1000

tunnel source FastEthernet0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN

Spoke tunnel:

bandwidth 6000

ip address 10.0.6.11 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication xxx

ip nhrp map 10.0.6.9 xx.xx.xx.xx

ip nhrp map multicast xx.xx.xx.xx

ip nhrp network-id 1

ip nhrp holdtime 600

ip nhrp nhs 10.0.6.9

ip tcp adjust-mss 1360

delay 1000

tunnel source Vlan2

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN

On HUB and Spoke:

crypto isakmp policy 5

encr aes 256

authentication pre-share

group 2

crypto isakmp key xxx address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 15 5 periodic

!

crypto ipsec transform-set VPNSET esp-aes 256 esp-sha-hmac

!

crypto ipsec profile DMVPN

set transform-set VPNSET

sh dmvpn command from spoke:

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

1 XX.XX.XX.XX 10.0.6.9 IPSEC never S

sh dmvpn command from HUB

returns only legend :o((

do you have any suggestion?

  • Other Security Subjects
1 REPLY
Cisco Employee

Re: DMVPN problem

Hi,

What is the problem you are facing? Is your tunnel not coming up.

Make sure that you are using transport mode.

crypto ipsec transform-set VPNSET esp-aes 256 esp-sha-hmac

mode transport

sh cry isa sa

sh ip nhrp

sh ip nhrp dynamic

These are some of the commands that will tell you the status of the tunnel.

Please rate this post, if it helps

Cheers

Gilbert

178
Views
0
Helpful
1
Replies
This widget could not be displayed.