I try to setup an demo lab for DMVPN, what I use 2*2811, 2*2801 and 1*1841 ISR routers. Two HUB and two Spokes are in my design the fifth router represent the Internet and iterconnect the other four routers. VPNs are working fine between the HUB and spokes, the problem appear when I simulate the primary HUB failure, when recover this node the node doesn1t want to form IPSec session with the others.
If you are using RSA-SIG for authentication check if you are able to complete ISAKMP phase 2 and the packets are not getting dropped. The packets may be dropped because of large size of the signatures. If you are using pre shared keys make sure you have configured pre-shared in keyring using VRF PUBLIC using command "Crypto keyring myring VRP PUBLIC" on the Hub devices.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...