06-15-2016 12:33 AM - editado 03-12-2019 07:22 AM
Hi Experts,
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key NET123 address 0.0.0.0
!
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set xform
set pfs group5
!
interface Loopback0
ip address 192.168.204.1 255.255.255.0
!
interface Loopback1
ip address 192.168.101.101 255.255.255.0
!
interface Tunnel0
ip address 172.16.200.12 255.255.255.0
no ip redirects
ip nhrp map multicast 52.40.101.226
ip nhrp map 172.16.200.11 52.40.101.226
ip nhrp network-id 1
ip nhrp nhs 172.16.200.11
ip nhrp shortcut
ip nhrp redirect
tunnel source GigabitEthernet1
tunnel mode gre multipoint
!
interface GigabitEthernet1
ip address dhcp
negotiation auto
!
ip-172-31-20-75# debug nhrp
NHRP protocol debugging is on
ip-172-31-20-75#ter
ip-172-31-20-75#terminal mon
ip-172-31-20-75#terminal monitor
ip-172-31-20-75#
*Jun 15 00:18:47.304: NHRP: Setting retrans delay to 64 for nhs dst 172.16.200.11
*Jun 15 00:18:47.304: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.200.11
*Jun 15 00:18:47.304: NHRP: Send Registration Request via Tunnel0 vrf global(0x0), packet size: 92
*Jun 15 00:18:47.304: src: 172.16.200.12, dst: 172.16.200.11
*Jun 15 00:18:47.304: (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1
*Jun 15 00:18:47.304: shtl: 4(NSAP), sstl: 0(NSAP)
*Jun 15 00:18:47.304: pktsz: 92 extoff: 52
*Jun 15 00:18:47.304: (M) flags: "unique nat ", reqid: 456
*Jun 15 00:18:47.304: src NBMA: 172.31.20.75
*Jun 15 00:18:47.304: src protocol: 172.16.200.12, dst protocol: 172.16.200.11
*Jun 15 00:18:47.305: (C-1) code: no error(0)
*Jun 15 00:18:47.305: prefix: 32, mtu: 9976, hd_time: 7200
*Jun 15 00:18:47.305: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 255
*Jun 15 00:18:47.305: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 52.40.101.226
*Jun 15 00:18:47.305: NHRP: 116 bytes out Tunnel0
HUB-CSR-AWS:
!
crypto isakmp policy 10
encr aes 256
hash md5
authentication pre-share
group 5
crypto isakmp key NET123 address 0.0.0.0
!
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set xform
set pfs group5
!
interface Loopback0
ip address 192.168.5.1 255.255.255.0
!
interface Tunnel0
ip address 172.16.200.11 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp shortcut
ip nhrp redirect
tunnel source GigabitEthernet1
tunnel mode gre multipoint
!
interface GigabitEthernet1
ip address dhcp
ip access-group 100 in
negotiation auto
!
Applied ACL with log option to capture packet if its coming from any spoke but unable to see any.
Extended IP access list 100
10 permit ip any any log (1140 matches)
!
interface GigabitEthernet1
ip address dhcp
ip access-group 100 in
negotiation auto
end
ip-172-31-33-28#show logging
*Jun 15 00:14:43.965: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 221.194.44.218(35660) -> 172.31.33.28(22), 16 packets
*Jun 15 00:15:07.092: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 121.18.238.10(42605) -> 172.31.33.28(22), 1 packet
*Jun 15 00:15:32.731: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 121.18.238.10
*Jun 15 00:18:14.063: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 121.18.238.22(42659) -> 172.31.33.28(22), 15 packets
*Jun 15 00:20:13.981: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 121.18.238.10(42605) -> 172.31.33.28(22), 5 packets
*Jun 15 00:21:33.865: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 121.18.238.31(37599) -> 172.31.33.28(22), 1 packet
*Jun 15 00:21:59.334: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 73.220.149.55(57991) -> 172.31.33.28(22), 1 packet
*Jun 15 00:23:16.522: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 100 permitted tcp 221.194.44.219(47765) -> 172.31.33.28(22), 1 packet
No NHRP REQUEST COMING TO HUB FROM SPOKE OR NO REPLY FROM HUB TO SPOKE
ip-172-31-33-28(config)#
ip-172-31-33-28(config-if)#shu
ip-172-31-33-28(config-if)#
ip-172-31-33-28(config-if)#no s
*Jun 15 00:31:04.940: NHRP: if_admindown: Tunnel0
*Jun 15 00:31:04.940: NHRP: if_down: Tunnel0 proto NHRP_IPv4
*Jun 15 00:31:04.940: NHRP: if_down: Tunnel0 proto NHRP_IPv4hu
ip-172-31-33-28(config-if)#no shutdown
ip-172-31-33-28(config-if)#
*Jun 15 00:31:06.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Jun 15 00:31:06.940: %LINK-5-CHANGED: Interface Tunnel0, changed state to administratively down
ip-172-31-33-28(config-if)#
*Jun 15 00:31:07.034: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
*Jun 15 00:31:07.034: NHRP: Registration with Tunnels Decap Module succeeded
*Jun 15 00:31:07.034: NHRP: Adding all static maps to cache
*Jun 15 00:31:08.033: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:09.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Jun 15 00:31:09.034: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
*Jun 15 00:31:09.035: NHRP: Registration with Tunnels Decap Module succeeded
*Jun 15 00:31:09.035: NHRP: Adding all static maps to cache
*Jun 15 00:31:09.036: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:09.036: %LINK-3-UPDOWN: Interface Tunnel0, changed state to up
*Jun 15 00:31:10.034: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:06.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Jun 15 00:31:06.940: %LINK-5-CHANGED: Interface Tunnel0, changed state to administratively down
*Jun 15 00:31:07.034: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
*Jun 15 00:31:07.034: NHRP: Registration with Tunnels Decap Module succeeded
*Jun 15 00:31:07.034: NHRP: Adding all static maps to cache
*Jun 15 00:31:08.033: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:09.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Jun 15 00:31:09.034: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
*Jun 15 00:31:09.035: NHRP: Registration with Tunnels Decap Module succeeded
*Jun 15 00:31:09.035: NHRP: Adding all static maps to cache
*Jun 15 00:31:09.036: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:09.036: %LINK-3-UPDOWN: Interface Tunnel0, changed state to up
*Jun 15 00:31:10.034: NHRP: Unable to send Registration - no NHSes configured
ip-172-31-33-28#show access-lists
Extended IP access list 100
10 permit gre any any log
20 permit 54 any any log
30 permit ip any any (22 matches)
ip-172-31-33-28#
SPOKE-CSR-AZURE:
================
PUBLIC IP:40.112.213.43
CSR1000V-AZURE#show configuration | beg crypto
crypto isakmp policy 10
encr aes 256
hash md5
authentication pre-share
group 5
crypto isakmp key NET123 address 0.0.0.0
!
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set xform
set pfs group5
!
interface Tunnel0
ip address 172.16.200.13 255.255.255.0
no ip redirects
ip nhrp map multicast 52.40.101.226
ip nhrp map 172.16.200.11 52.40.101.226
ip nhrp network-id 1
ip nhrp nhs 172.16.200.11
ip nhrp shortcut
ip nhrp redirect
tunnel source GigabitEthernet1
tunnel mode gre multipoint
!
interface GigabitEthernet1
ip address dhcp
negotiation auto
!
*Jun 15 00:35:49.512: NHRP: Setting retrans delay to 64 for nhs dst 172.16.200.11
*Jun 15 00:35:49.512: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.200.11
*Jun 15 00:35:49.512: NHRP: Send Registration Request via Tunnel0 vrf global(0x0), packet size: 92
*Jun 15 00:35:49.512: src: 172.16.200.13, dst: 172.16.200.11
*Jun 15 00:35:49.512: (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1
*Jun 15 00:35:49.512: shtl: 4(NSAP), sstl: 0(NSAP)
*Jun 15 00:35:49.512: pktsz: 92 extoff: 52
*Jun 15 00:35:49.512: (M) flags: "unique nat ", reqid: 15
*Jun 15 00:35:49.512: src NBMA: 10.10.0.4
*Jun 15 00:35:49.512: src protocol: 172.16.200.13, dst protocol: 172.16.200.11
*Jun 15 00:35:49.512: (C-1) code: no error(0)
*Jun 15 00:35:49.512: prefix: 32, mtu: 9976, hd_time: 7200
*Jun 15 00:35:49.512: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 255
*Jun 15 00:35:49.512: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 52.40.101.226
*Jun 15 00:35:49.512: NHRP: 116 bytes out Tunnel0
Regards
Syed.
el 02-27-2017 03:32 PM
Did you fix this issue? I am having the same problem
el 06-29-2016 04:18 AM
Hi Fan ,
Still waiting for ur reply if u could check internally if i am missing something or is there any known issue.
Regards
Syed.
Descubra y salve sus notas favoritas. Vuelva a encontrar las respuestas de los expertos, guías paso a paso, temas recientes y mucho más.
¿Es nuevo por aquí? Empiece con estos tips. Cómo usar la comunidad Guía para nuevos miembros