Hi, guys! I'm experiencing problems with NHRP in a redundant DMVPN topology. I'll try to describe the issue:
We have three routers: 1 hub and 2 spokes
The hub has two links to different ISPs; the spokes have one link. I created two tunnel interfaces on the hub and tied them sequentially to the interfaces referring to ISP1 and ISP2. The same interfaces were created on the spokes. On each tunnel interface I configured MGRE and NHRP with (I think this is correct) different tunnel keys and NHRP network IDs. Also, on the hub router I configured IP SLA and tracking between sought interfaces. So I have two DMVPN networks, on the primary tunnel interface and on the redundant one. But when I shut down the primary interface, after tracking chooses the redundant route, the ip nhrp table becomes empty, and I can't ping any spoke tunnel interface; physical IP interfaces are reachable, but tunnel interfaces are not. So the scheme with IP SLA tracking between two DMVPN networks does not work.
I've tried to find a description of this situation in the SRND or CCNP Security guides, but found schemes using two hub routers, not one. I need a fault-tolerant DMVPN spoke-to-spoke scheme (on two ISPs) on ONE router. So what am I doing wrong, or is it possible to achieve this using IP SLA in principle or not?
I am not authoritative on this but I believe that it does not work to have two tunnels from a spoke router to the same hub router. It works fine for a spoke router to have two tunnels to two hubs for redundancy. And it works fine for a hub to have two tunnel interfaces if you want to spread load between interfaces. But I think that it does not work for the same hub to have two tunnels to the same spoke. I believe that the issue is that the spoke establishes a neighbor relationship with the hub on one tunnel just fine. But when it attempts to negotiate the neighbor relationship on the second tunnel it discovers that it already has a neighbor relationship and it does not come up on the second tunnel. If you want redundancy I believe that you need two hub routers.