Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem running DMVPN and IPSec VPN at the same time

I have a hub-spoke VPN network: 2 hub routers are 7206 VXR and remote routers are 2800. Each hub router has had number of point-to-point IPSec+GRE tunnels configured and running with remote sites. I'm now adding DMVPN between each hub router and a few other remote sites. The DMVPN is running fine between hub and spokes, but somehow it caused all the eixsting point-to-point IPSec tunnels drop. Here are some details:

1) Hub DMVPN config:

crypto isakmp key MYKEY address 12.12.12.12

crypto ipsec profile DMVPN

set transform-set DM

interface Tunnel1

ip address 192.168.1.1 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 600

tunnel source G0/0

tunnel mode gre multipoint

tunnel protection ipsec profile DMVPN

router eigrp 1

no passive-interface Tunnel1

2) Spoke DMVPN config:

crypto ipsec profile DMVPN

set transform-set DM

crypto isakmp key MYKEY address 14.14.14.14

interface Tunnel1

ip address 192.168.1.2 255.255.255.0

ip mtu 1400

ip nhrp map 192.168.1.1 14.14.14.14

ip nhrp map multicast 14.14.14.14

ip nhrp network-id 1

ip nhrp holdtime 600

ip nhrp nhs 192.168.1.1

tunnel source G0/0

tunnel destination 14.14.14.14

tunnel protection ipsec profile DMVPN

3) When DMVPN is up, hub router existing IPSec tunnels are shown ISAKMP failure.

Hub# show crypto isakmp sa

14.14.14.14     20.20.20.20 MM_NO_STATE       1508    0 ACTIVE (deleted)

4) After I shut down interface Tunnel1, existing IPSec tunnels are coming back. ISAKMP SA shows QM_IDLE state.

Have anyone seen similar issues between DMVPN and traditional point-to-point IPSec+GRE tunnels on the same router?

Thanks a lot

462
Views
0
Helpful
0
Replies
CreatePlease login to create content