I have a dmvpn network setup between the hub router and 30+ spokes but when I do a traceroute from a device from behind a spoke the path is taking me through the hub to get to the other spoke. Is there anything in the config of the tunnel inteface on either the hub and or spoke(s) to allow this without going thru the hub? My spoke are running 12.4(22) T and are not behind any nat device and the hub is running 12.4(15)T and is behind a Cisco ASA 5510. So the hub is being natted thru the ASA. Is spoke to spoke communications possible without going thru the hub??
Message was edited by: David James
Put that command under your hub's tunnel interface.
What happened is dy default your hub router will change the next-hop to itself, so that even the spoke router learned remote spoke tunnel interface via NHRP request, traffic will still pass your hub router. "no ip next-hop-self eigrp" can change that default behavior.
Can you do some testing on your spoke router.
1, generate some traffic to another spoke router
2, do show ip eigrp to x.x.x.x x.x.x.x (the prefix advertise by remote spoke)
3, show ip nhrp brief
What I am trying to see is whether the spoke router learns the same prefix from hub and remote spoke and does the spoke router get NHRP responds from NHS.
You can post the output here.
I did a tracert from a device behind one spoke to a device behind another spoke. Here are the results:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\akwh>TRACERT 172.16.25.2
Tracing route to 172.16.25.2 over a maximum of 30 hops
1 24 ms 1 ms 1 ms ak-rtr.piedmontplastics.com [172.16.104.1]
2 124 ms 125 ms 125 ms 10.10.254.1 (Tunnel interface of Hub)
3 164 ms 164 ms 151 ms 10.10.254.15(Tunnel interface of remote spoke)
4 165 ms 171 ms 160 ms 172.16.25.2
C:\Documents and Settings\akwh>
ak-rtr#sh ip nhrp br
Target Via NBMA Mode Intfc Claimed
10.10.254.1/32 10.10.254.1 188.8.131.52 static Tu0 < >
10.10.254.15/32 10.10.254.15 184.108.40.206 dynamic Tu0 < >
10.10.254.36/32 10.10.254.36 220.127.116.11 dynamic Tu0 < >
18.104.22.168/32 10.10.254.1 22.214.171.124 dynamic Tu0 10.20.10.2
126.96.36.199/23 10.10.254.1 188.8.131.52 dynamic Tu0 10.20.10.2
184.108.40.206/32 220.127.116.11 18.104.22.168 dynamic Tu0 < >
From your outputs, it looks your spoke external ip is been natted. The HUB router reply spoke's NHRP registration request with it's own external IP.
10.10.254.15/32 10.10.254.15 22.214.171.124(this is hub's external IP) dynamic Tu0 < >
When you have one or both spoke routers behind NAT box, it can not form spoke to spoke tunnel. Currently spoke to spoke tunnel with NAT is not supported yet. See the link for detail explain
Hope clarify your quesion
My spokes are running 12.4(22)t and the hub is 12.4(15)t. The hub is
behind a cisco ASA. Is spoke to spoke doable?
Sent from my iPhone.
On Feb 22, 2010, at 7:27 PM, "letian"
Currently spoke to spoke with NAT is not supported on any IOS release.
You can check whether the spokes are been natted on hub router use command "show ip nhrp brief". The "Claimed" field is the pre-nat address NBMA field is the after-nat address.