we are getting new sip trunks put in and in order for the provider to put them in the Providor put in a router to control all web traffic so they can QOS the voice that means our VPN routers will go behind the nat barrier. but when i switched the routers interface to the natted address the DMVPN tunnels would not build. there is a nat translation to the routers so the external(route-able) IP did not change. the IPsec tunnels did come up just fine. just the few DMVPN connected tunnels did not.
if issue a "sh DMVPN" the Peer NBMA Addr shows up as 0.0.0.0 while the Peer Tunnel addr is what it should be, also the attrb is "X"
Tunnel source i have set to the interface, and the key is set to "crypto isakmp key "my key" address 0.0.0.0 0.0.0.0 no-xauth"
i am at a loss on why this was not working. keep in mind this is the HUB router and not the Spoke.
cry ipsec nat-transparency udp-encapsulation -this is hidden command in the running config, also have to make sure the mode is transport
crypto ipsec profile net1 set transform-set trans set isakmp-profile dmvpn-tun0
and then on the spoke had to add:
cry ipsec nat-transparency udp-encapsulation -again hidden in running config and making sure mode is transport
then it connected, of course if you have any ipsec tunnels they will either have to convert to a DMVPN tunnel or add Keyrings for each ipsec tunnel, this is because the keyrings take precedence over the crypto isakmp keys
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...