Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
2
Replies

DMVPN problem with spoke to spoke tunnels not coming up!

Brent Rockburn
Level 2
Level 2

‎10-27-2008 08:14 AM - edited ‎03-04-2019 12:05 AM

All traffic being routed through the hubs and spoke to spoke tunnels wouldn't come up.

Tried for hours with CISCO engineers on the phone to fix an issues with DMVPN routing through the head ends and not the spoke to other spokes. Turns out is was the version of IOS I was running at the hubs.

I was running c7200-jk9s-mz.124.13b.bin and I am now running c7200-adventerprisek9-mz.124.15.T7.bin

Works beautifully now. This was an NHRP issue I don't know if one of you can through this in a solution database as I tried for a very long time to find a solution and there was nothing. If you need more detail please let me know. I have a TAC open for it SR 609892261, you should be able to grab loads of info from that if you can.

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-27-2008 02:31 PM

Hello Brent,

a Service Request is associated to a Service Contract and only CCO accounts associated to that Service Contract can access it.

So I don't think any of us ( the ones not working directly for Cisco) can access your SR.

And this is reasonable.

It is possible using my CCO account to access the Bug Toolkit(go to support and accesss the Bug toolkit) and look for IOS software 12.4.13b platform 7200 and keyword DMVPN starts a search:

if finds 11 bugs

for example it can be:

CSCsc72704

Dynamic spoke to spoke tunnel fails to establish in daisy-chained DMVPN

1st Found-In

12.4(5)M

Known Affected Versions This link will launch a new window.

Fixed-In

12.4(9)T2

12.4(9.15)T

12.4(6)T10

"Dynamic spoke to spoke tunnel fails to establish in daisy-chained DMVPN

In a daisy-chained DMVPN (Dynamic Multipoint VPN) environment, if the hub

router does not terminate both the GRE and IPSec tunnels on the same device,

then NHRP (Next Hop Resolution Protocol) traffic from the hub to a spoke

may be forwarded in clear instead of being encrypted, which subsequently

will be dropped on the destination spoke router. This can cause dynamic

spoke to spoke tunnel not to get established."

There is no known workaround at this time.

However, thanks for having signalled a problem that can occur to other network engineers.

Hope to help

Giuseppe

0 Helpful

Brent Rockburn
Level 2
Level 2
In response to Giuseppe Larosa

‎10-27-2008 03:42 PM

Hey Giuseppe!

yeah sorry I guess I was thinking Knowledge base would be the best .. I just would hate to see another administrator go through this one ;)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card