Cisco Support Community
Community Member

EzVPN and DMVPN

On a spoke router, I want to connect EzVPN clients (Cisco software clients) on a virtual template/tunnel (tunnel source = WAN IP), IOS 12.4.15T3, and at the same time have DMVPN spoke-to-spoke running. It works well except for one annoying detail: whenever an EzVPN client disconnects, NHRP sort of freezes - that is, nothing is reachable via either the permanent hub tunnel or the spoke-to-spoke tunnels - the routes persist in 'sh ip nhrp'. 'clear ip nhrp' fixes the problem, as does tuning down the 'ip nhrp holdtime' to e.g. 5, which doesn't scale very well (lots of WAN overhead). I'm aware that the suggested solution is EzVPN via crypto map, but that solution does not, IMHO, support direct Internet access via an RFC1918 local pool - it lacks an 'ip nat inside' statement.

Any ideas/explanations on the NHRP behaviour? The next experiment will be assigning the virtual template to a loopback address, I think, so that the multipoint tunnel and the virtual template tunnel don't share a source IP.

Thank you /JJ
