I have 2 DMVPN HUBs and 20 spokes and on one of these have strange status of DMVPN - NHRP (what does it mean? i didn't find explanation what that status is bad or good, is it mean that spoke could'n get NBMA address of HUB through NHRP?). Could anyone explain what does it mean?
Interface: Tunnel4, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
On spoke and second HUB router was old GRE over IPSec tunnel, i shutdown tunnel and want to replaced it on DMVPN.
I switch on debug crypto ipsec sa and that error i can see:
IPSEC(ipsec_process_proposal): invalid local address x.x.x.x
And... i just delete old GRE over IPSec tunnel interface, which contain tunnel mode ipsec ipv4 and DMPVN state change to UP!
#sh ip int br Interface IP-Address OK? Method Status Protocol Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down GigabitEthernet0/0 unassigned YES NVRAM administratively down down GigabitEthernet0/1 172.17.0.7 YES NVRAM up up GigabitEthernet0/2 #.#.#.# YES NVRAM up up Tunnel4 10.5.5.20 YES NVRAM up up Tunnel254(old IPSec) 10.1.1.149 YES NVRAM administratively down down
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...