Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

dmvpn problem

I have 3 tunnels. both three tunnel are using same phrasels.

tunnel 10 is OK but tunnel 20 and 30 have problem.

sh dmvpn

Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

        N - NATed, L - Local, X - No Socket

        # Ent --> Number of NHRP entries with same NBMA peer

        NHS Status: E --> Expecting Replies, R --> Responding

        UpDn Time --> Up or Down Time for a Tunnel

==========================================================================

Interface: Tunnel10, IPv4 NHRP Details

IPv4 NHS: 10.72.60.1 RE

Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1   172.19.4.199      10.72.60.1    UP    2d00h    S      10.72.60.1/32

Interface: Tunnel20, IPv4 NHRP Details

IPv4 NHS: 10.72.216.1  E

Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1     10.72.56.2     10.72.216.1  NHRP    never    S     10.72.216.1/32

Interface: Tunnel30, IPv4 NHRP Details

IPv4 NHS: 10.72.220.1  E

Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1     10.72.56.3     10.72.220.1  NHRP 00:51:08    S     10.72.220.1/32

sh dmvpn detail

Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

        N - NATed, L - Local, X - No Socket

        # Ent --> Number of NHRP entries with same NBMA peer

        NHS Status: E --> Expecting Replies, R --> Responding

        UpDn Time --> Up or Down Time for a Tunnel

==========================================================================

Intferface Tunnel10 is up/up, Addr. is 10.72.60.136, VRF ""

   Tunnel Src./Dest. addr: 10.72.206.50/MGRE, Tunnel VRF ""

   Protocol/Transport: "multi-GRE/IP", Protect "ES1AT1N"

IPv4 NHS: 10.72.60.1 RE

Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1   172.19.4.199      10.72.60.1    UP    2d00h    S      10.72.60.1/32

Intferface Tunnel20 is up/up, Addr. is 10.72.216.136, VRF ""

   Tunnel Src./Dest. addr: 10.72.56.138/MGRE, Tunnel VRF ""

   Protocol/Transport: "multi-GRE/IP", Protect "ES1AT1N"

IPv4 NHS: 10.72.216.1  E

Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1     10.72.56.2     10.72.216.1  NHRP    never    S     10.72.216.1/32

Intferface Tunnel30 is up/up, Addr. is 10.72.220.136, VRF ""

   Tunnel Src./Dest. addr: 172.33.3.30/MGRE, Tunnel VRF ""

   Protocol/Transport: "multi-GRE/IP", Protect "ES1AT1N"

IPv4 NHS: 10.72.220.1  E

Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1     10.72.56.3     10.72.220.1  NHRP 00:51:31    S     10.72.220.1/32

Crypto Session Details:

--------------------------------------------------------------------------------

Interface: Tunnel10

Session: [0x464A6DDC]

  IKE SA: local 10.72.206.50/500 remote 172.19.4.199/500 Active

          Capabilities:(none) connid:1391 lifetime:21:31:27

  Crypto Session Status: UP-ACTIVE    

  fvrf: (none), Phase1_id: 172.19.4.199

  IPSEC FLOW: permit 47 host 10.72.206.50 host 172.19.4.199

        Active SAs: 2, origin: crypto map

        Inbound:  #pkts dec'ed 491241 drop 0 life (KB/Sec) 4080336/77488

        Outbound: #pkts enc'ed 473374 drop 190 life (KB/Sec) 4248170/77488

   Outbound SPI : 0x34D68081, transform : esp-3des esp-md5-hmac

    Socket State: Open

Interface: Tunnel20

Session: [0x464A6BFC]

  IKE SA: local 10.72.56.138/500 remote 10.72.56.2/500 Active

          Capabilities:(none) connid:1500 lifetime:23:58:18

  Crypto Session Status: UP-ACTIVE    

  fvrf: (none), Phase1_id: 10.72.56.2

  IPSEC FLOW: permit 47 host 10.72.56.138 host 10.72.56.2

        Active SAs: 4, origin: crypto map

        Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 4385497/87

        Outbound: #pkts enc'ed 513 drop 10 life (KB/Sec) 4385495/87

   Outbound SPI : 0x15DC71A8, transform : esp-3des esp-md5-hmac

    Socket State: Open

Interface: Tunnel30

Session: [0x464A6CEC]

  IKE SA: local 172.33.3.30/500 remote 10.72.56.3/500 Active

          Capabilities:(none) connid:1499 lifetime:23:57:09

  Crypto Session Status: UP-ACTIVE    

  fvrf: (none), Phase1_id: 10.72.56.3

  IPSEC FLOW: permit 47 host 172.33.3.30 host 10.72.56.3

        Active SAs: 4, origin: crypto map

        Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 4592562/96

        Outbound: #pkts enc'ed 1112 drop 11 life (KB/Sec) 4592561/96

   Outbound SPI : 0x91AE285F, transform : esp-3des esp-md5-hmac

    Socket State: Open

#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

10.72.56.2      10.72.56.138    QM_IDLE           1501 ACTIVE

10.72.56.2      10.72.56.138    MM_NO_STATE       1500 ACTIVE (deleted)

10.72.56.3      172.33.3.30     QM_IDLE           1499 ACTIVE

172.19.4.199    10.72.206.50    QM_IDLE           1391 ACTIVE

sh crypto ipsec sa

interface: Tunnel10

    Crypto map tag: Tunnel10-head-0, local addr 10.72.206.50

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (10.72.206.50/255.255.255.255/47/0)

   remote ident (addr/mask/prot/port): (172.19.4.199/255.255.255.255/47/0)

   current_peer 172.19.4.199 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 476355, #pkts encrypt: 476355, #pkts digest: 476355

    #pkts decaps: 494340, #pkts decrypt: 494340, #pkts verify: 494340

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 190, #recv errors 0

     local crypto endpt.: 10.72.206.50, remote crypto endpt.: 172.19.4.199

     path mtu 1500, ip mtu 1500, ip mtu idb ATM0/1/0.1

     current outbound spi: 0x34D68081(886472833)

     PFS (Y/N): N, DH group: none

     inbound esp sas:

      spi: 0x9B52E0A7(2605899943)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 3821, flow_id: NETGX:1821, sibling_flags 80000046, crypto map: Tunnel10-head-0

        sa timing: remaining key lifetime (k/sec): (4078769/77427)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

      spi: 0x34D68081(886472833)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 3822, flow_id: NETGX:1822, sibling_flags 80000046, crypto map: Tunnel10-head-0

        sa timing: remaining key lifetime (k/sec): (4247287/77427)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

interface: Tunnel30

    Crypto map tag: Tunnel30-head-0, local addr 172.33.3.30

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (172.33.3.30/255.255.255.255/47/0)

   remote ident (addr/mask/prot/port): (10.72.56.3/255.255.255.255/47/0)

   current_peer 10.72.56.3 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 1135, #pkts encrypt: 1135, #pkts digest: 1135

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 11, #recv errors 0

     local crypto endpt.: 172.33.3.30, remote crypto endpt.: 10.72.56.3

     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1

     current outbound spi: 0x91AE285F(2444109919)

     PFS (Y/N): N, DH group: none

     inbound esp sas:

      spi: 0x52899E63(1384750691)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 4391, flow_id: NETGX:2391, sibling_flags 80000046, crypto map: Tunnel30-head-0

        sa timing: remaining key lifetime (k/sec): (4592562/36)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

      spi: 0x91AE285F(2444109919)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 4392, flow_id: NETGX:2392, sibling_flags 80000046, crypto map: Tunnel30-head-0

        sa timing: remaining key lifetime (k/sec): (4592557/36)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

interface: Tunnel20

    Crypto map tag: Tunnel20-head-0, local addr 10.72.56.138

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (10.72.56.138/255.255.255.255/47/0)

   remote ident (addr/mask/prot/port): (10.72.56.2/255.255.255.255/47/0)

   current_peer 10.72.56.2 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 542, #pkts encrypt: 542, #pkts digest: 542

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 11, #recv errors 0

     local crypto endpt.: 10.72.56.138, remote crypto endpt.: 10.72.56.2

     path mtu 1514, ip mtu 1514, ip mtu idb Loopback0

     current outbound spi: 0xE85EB28B(3898520203)

     PFS (Y/N): N, DH group: none

     inbound esp sas:

      spi: 0x36A9A258(917086808)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 4393, flow_id: NETGX:2393, sibling_flags 80000046, crypto map: Tunnel20-head-0

        sa timing: remaining key lifetime (k/sec): (4569494/52)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

      spi: 0xE85EB28B(3898520203)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 4394, flow_id: NETGX:2394, sibling_flags 80000046, crypto map: Tunnel20-head-0

        sa timing: remaining key lifetime (k/sec): (4569489/52)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

461
Views
0
Helpful
0
Replies