DMVPN - Traffic only goes one way.

Ashley Pilbeam · ‎04-24-2012

Hi All,

Currently working on a DVPN project and having trouble getting things working correctly. have been working primarily from this document: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

I have 3 seperate sites. HQ, Site1 and Site2. each site is using NAT so it has internet access which is working correctly as far as I can tell. just to get things working, I have created a static route to the other LAN segment over the Tunnel interface.

The problem is that pings from the spoke to the hub router works fine, however the hub cannot ping the spoke.

The "sh dmvpn" command gives the following outputs:

http://pastebin.com/0rEGC37j

The "sh ip route" command gives the following outputs:

http://pastebin.com/t3vfY5Xi

Lastly, here is the full configuration for both devices;

http://pastebin.com/KHrenyWR

http://pastebin.com/NWnNjSWs

When I ping from Site1 to HQ I can see the encryption counters going up (using sh crypto ipsec sa) whereas if I ping from HQ to Site1, the counters dont go up and neither do the interface counters on Tunnel0 so clearly HQ is not passing any traffic over the tunnel... but I dont know why!

Very new to DMVPN, think i may have taken on a little too much with this project but its too late now.

Any help much appreciated.

Thanks,

apilbeam

Dan Frey · ‎04-24-2012

DMVPN is a multiaccess network. Try removing "

ip route 10.10.10.0 255.255.255.0 Tunnel0" and replace Tunnel0 with the next-hop ip address.

Dan

Marvin Rhoads · ‎04-24-2012

I built a couple of DMVPN networks using the Cisco Configuration Professional tool. It has a nice wizard, was simple and worked on the first try.