New Member

DMVPN: requires clear crypto sa

My DMVPN worked fine yesterday. However the DMVPN didn't come in. I left it for 20 with no joy.

Once I did a clear crypto sa on the spoke the tunnel came up.

This seems like I'm missing something in my config.

Can someone advise?

Cisco Employee

DMVPN: requires clear crypto sa

Oh ... well DPDs? Just wild speculation without config ;-)

New Member

Re: DMVPN: requires clear crypto sa

Sorry my Spokes tunnel config is:

interface Tunnel0
 description HO-VPN
 bandwidth 100
 ip address 10.x.250.6
 no ip redirects
 ip mtu 1400
 ip nhrp authentication password
 ip nhrp map multicast dynamic
 ip nhrp map multicast publicIP
 ip nhrp map 10.x.250.1 publicIP
 ip nhrp network-id aNumber
 ip nhrp holdtime 360
 ip nhrp nhs 10.x.250.1
 zone-member security Zone-TunnelToHO
 ip ospf network broadcast
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key aNumber
 tunnel protection ipsec profile protect-gre

Cisco Employee

Re: DMVPN: requires clear crypto sa

I think it's going to be something in crypto config, either invalid SPI recovery (although it's not strictly speaking required) or DPD missing (considering what you described and how you recovered).
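A way to check a saved spoke configuration for the two settings raised in this thread, as an added example that is not part of any post above: it looks for the IOS global commands `crypto isakmp keepalive` (DPD) and `crypto isakmp invalid-spi-recovery` whenever an interface carries `tunnel protection ipsec profile`. It assumes IKEv1 (`crypto isakmp`) is in use; the function names and the sample crypto lines are constructed here, because the poster's crypto configuration was never shown.

```python
import re

# Constructed spoke config: tunnel lines follow the thread's post; the crypto
# section is an assumption, since the poster never showed it.
SAMPLE_CONFIG = """\
crypto isakmp invalid-spi-recovery
!
interface Tunnel0
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel protection ipsec profile protect-gre
!
"""

DPD_RE = re.compile(r"^crypto isakmp keepalive (\d+)(?: (\d+))?(?: (periodic|on-demand))?\s*$")
SPI_RE = re.compile(r"^crypto isakmp invalid-spi-recovery\s*$")
PROT_RE = re.compile(r"^\s+tunnel protection ipsec profile (\S+)")
IFACE_RE = re.compile(r"^interface (\S+)")


def audit(config):
    """Collect IPsec-protected tunnels and the global IKEv1 recovery settings."""
    result = {"protected": {}, "dpd": None, "invalid_spi_recovery": False}
    current = None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line closes the interface block
            m = IFACE_RE.match(line)
            current = m.group(1) if m else None
        if m := DPD_RE.match(line):
            result["dpd"] = {"interval": int(m.group(1)),
                             "retry": int(m.group(2)) if m.group(2) else None,
                             "mode": m.group(3)}  # None when not stated
        elif SPI_RE.match(line):
            result["invalid_spi_recovery"] = True
        elif current and (m := PROT_RE.match(line)):
            result["protected"][current] = m.group(1)
    return result


def findings(config):
    """Report missing recovery settings only when a protected tunnel exists."""
    r, out = audit(config), []
    if r["protected"] and r["dpd"] is None:
        out.append("DPD not configured (no 'crypto isakmp keepalive')")
    if r["protected"] and not r["invalid_spi_recovery"]:
        out.append("'crypto isakmp invalid-spi-recovery' not configured")
    return out
```

Run `findings()` over the output of `show running-config` saved from each spoke and from the hub, since a stale SA can linger on either side.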
