Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN issue

Please find config as attchment

My nhrp debug in spoke follows..

*May 2 16:20:27.779: Responder Address Extension(3):

*May 2 16:20:27.779: Forward Transit NHS Record Extension(4):

*May 2 16:20:27.779: Reverse Transit NHS Record Extension(5):

*May 2 16:20:27.779: Authentication Extension(7):

*May 2 16:20:27.779: type:Cleartext(1), data:DMVPN_NW

*May 2 16:20:27.779: NHRP: 84 bytes out Tunnel0

*May 2 16:21:16.367: NHRP: Setting retrans delay to 64 for nhs dst

*May 2 16:21:16.367: NHRP: Attempting to send packet via DEST

*May 2 16:21:16.367: NHRP: Encapsulation succeeded. Tunnel IP addr X.X.X.X

*May 2 16:21:16.367: NHRP: Send Registration Request via Tunnel0 vrf 0, packet size: 84

*May 2 16:21:16.367: src:, dst:

*May 2 16:21:16.367: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1

*May 2 16:21:16.367: shtl: 4(NSAP), sstl: 0(NSAP)

*May 2 16:21:16.367: (M) flags: "unique", reqid: 327

*May 2 16:21:16.367: src NBMA: x.x.x.x

*May 2 16:21:16.367: src protocol:, dst protocol:

*May 2 16:21:16.367: (C-1) code: no error(0)

*May 2 16:21:16.367: prefix: 255, mtu: 1514, hd_time: 360

*May 2 16:21:16.367: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

*May 2 16:21:16.367: Responder Address Extension(3):

*May 2 16:21:16.367: Forward Transit NHS Record Extension(4):

*May 2 16:21:16.367: Reverse Transit NHS Record Extension(5):

*May 2 16:21:16.367: Authentication Extension(7):

*May 2 16:21:16.367: type:Cleartext(1), data:DMVPN_NW

*May 2 16:21:16.367: NHRP: 84 bytes out Tunnel0

May 2 16:29:29.755: NHRP: Resetting retransmit due to hold-timer for

I am not receiving NHRP reply from hub. ipsec phase 1 negotiation is not initiated. What could be the possible cause?

There are other spoke with replica configuration works fine.. Your replies are highly appreciated


Re: DMVPN issue

This section provides information you can use to confirm your configuration works properly.

Debug commands that run on the hub router confirm that the correct parameters are matched for the spoke and VPN Client connections. Run these debug commands.

New Member

Re: DMVPN issue

dmvpn does not need a crypto map applied to the spoke...

or is this spoke doing 2 tunnels ? (one dmvpn, one not dmvpn)...

I think you need to work on your config...

the spoke should use a dynamic routing protocol (like the ospf you have there) to learn the remote networks at the hub, and for the hub to learn the remote networks from the spoke....

CreatePlease login to create content