Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN tunnel issues

hi

I am configuring a Multpoint GRE DMVPN on the Hub 3845 running 12.4.9 T code and on the remote 1811 running 12.4.15 T8 code.

the issue i run into is that when i shutdown the Multipoint Tunnel on the hub end the remote does not re establish dmvpn as long as the keepalive is configured on the remote tunnel. Once removed it comes on instanly. I have included part of th configs. any help is appreciated.

HUB

interface Tunnel20

ip address 1.1.1.1 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp map multicast dynamic

ip nhrp network-id 2

ip nhrp cache non-authoritative

ip ospf dead-interval 60

keepalive 10 5

cdp enable

tunnel source GigabitEthernet0/1

tunnel mode gre multipoint

tunnel key 20

tunnel protection ipsec profile test

end

Remote

interface Tunnel20

ip address 1.1.1.2 255.255.255.0

ip mtu 1400

ip nhrp map multicast 192.129.155.9

ip nhrp map 1.1.1.1 192.129.155.9

ip nhrp network-id 2

ip nhrp nhs 1.1.1.1

cdp enable

tunnel source FastEthernet0

tunnel destination 192.129.155.9

tunnel key 20

tunnel protection ipsec profile test

keepalive 10 5

end

8 REPLIES
Hall of Fame Super Silver

Re: DMVPN tunnel issues

Hello Dwayne,

DMVPN are usually deployed using a dynamic routing protocol like OSPF or EIGRP.

I would suggest you to use EIGRP or OSPF instead of tunnel keepalive.

see

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_1.html#wp37110

Hope to help

Giuseppe

Re: DMVPN tunnel issues

Keepalives is not supported on DMVPN.

New Member

Re: DMVPN tunnel issues

The keepalive 10 5 is not support, you can us e the folowing

You can change to ip nhrp holdtime=#xxx

Changes the number of seconds that NHRP NBMA addresses are advertised as valid in authoritative NHRP responses.

•The seconds argument specifies the time in seconds that NBMA addresses are advertised as valid in positive authoritative NHRP responses. The recommended value ranges from 300 seconds to 600 seconds.

New Member

Re: DMVPN tunnel issues

thanks for your reply. I did reconfigure to OSPF and used the command holdtime like you suggested. However when i shut down the hub gre multipoint end shouldn't the remote NOT have the following information when i do the show ip nhrp command or am i using the wrong command to verify that the nbma address has dropped

sho ip nhrp

10.224.10.1/32 via 10.224.10.1, Tunnel2 created 00:22:42, never expire

Type: static, Flags:

NBMA address: 64.x.x.x

thanks

New Member

Re: DMVPN tunnel issues

.

New Member

Re: DMVPN tunnel issues

So you have the ip nhrp configuration at both the Hub router

ip nhrp holdtime ### "Where this parameter changes the number of seconds that NHRP NBMA addresses are advertised as valid in authoritative NHRP responses.

and at the Spoke routers as well?

New Member

Re: DMVPN tunnel issues

Under the Hub configuration

Interface Tunnel#

ip nhrp holdtime 600

Under the Spoke configuration

Interface Tunnel#

ip nhrp holdtime 300.

one last note: under the OSPF configuration do you have it configured to make sure that the hub router will be the Designated Router (DR) for the IPsec+mGRE network.

You can do this by

1. Setting the Hub configuration

under the Tunnl interface

ip ospf priority 2

under the spoke(s) configuration

Under the Tunnel configuration

ip ospf priority 0

New Member

Re: DMVPN tunnel issues

One last note: nhrp aythentication doesnt seem to be configured

Hub router

Interface Tunnel #

ip nhrp authentication abc123

Spoke router

Interface Tunnel #

ip nhrp authentication abc123

3673
Views
20
Helpful
8
Replies
CreatePlease to create content