DMVPN NHRP b/w 2 CSR on AWS and CSR on AZURE not working.

fsyed0001
Level 1

Hi Experts,

Trying to build the DMVPN topology, but the HUB-CSR on AWS is not receiving any NHRP packets.
Tried to put an access-list with the log option but unable to see any NHRP or GRE packets.
Currently removed the Tunnel Protection from the Tunnel interface just to check whether mGRE with NHRP is working fine or not.
Plain GRE tunnel b/w 2 devices is working, but if I use mGRE with NHRP then it seems like NHRP on the Hub is not receiving any NHRP request from the Spokes, although the spokes are sending NHRP requests.
Any help or assistance will be highly appreciated.
TOPOLOGY:
==========
(SPOKE-CSR--AWS)-.12--------172.16.200./24-------.11---(HUB-CSR-AWS)-------------------.13---(SPOKE-CSR-AZURE)
SPOKE-CSR-AWS:
===============
PUBLIC IP:54.191.183.223
 

!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key NET123 address 0.0.0.0
!
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set xform
 set pfs group5
!
interface Loopback0
 ip address 192.168.204.1 255.255.255.0
!
interface Loopback1
 ip address 192.168.101.101 255.255.255.0
!
interface Tunnel0
 ip address 172.16.200.12 255.255.255.0
 no ip redirects
 ip nhrp map multicast 52.40.101.226
 ip nhrp map 172.16.200.11 52.40.101.226
 ip nhrp network-id 1
 ip nhrp nhs 172.16.200.11
 ip nhrp shortcut
 ip nhrp redirect
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
!
interface GigabitEthernet1
 ip address dhcp
 negotiation auto
!

Spoke sending NHRP Request to Hub but no reply from Hub

ip-172-31-20-75# debug nhrp
NHRP protocol debugging is on
ip-172-31-20-75#ter
ip-172-31-20-75#terminal mon
ip-172-31-20-75#terminal monitor
ip-172-31-20-75#
*Jun 15 00:18:47.304: NHRP: Setting retrans delay to 64 for nhs  dst 172.16.200.11
*Jun 15 00:18:47.304: NHRP: Attempting to send packet through interface Tunnel0 via DEST  dst 172.16.200.11
*Jun 15 00:18:47.304: NHRP: Send Registration Request via Tunnel0 vrf global(0x0), packet size: 92
*Jun 15 00:18:47.304:  src: 172.16.200.12, dst: 172.16.200.11
*Jun 15 00:18:47.304:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1
*Jun 15 00:18:47.304:      shtl: 4(NSAP), sstl: 0(NSAP)
*Jun 15 00:18:47.304:      pktsz: 92 extoff: 52
*Jun 15 00:18:47.304:  (M) flags: "unique nat ", reqid: 456
*Jun 15 00:18:47.304:      src NBMA: 172.31.20.75
*Jun 15 00:18:47.304:      src protocol: 172.16.200.12, dst protocol: 172.16.200.11
*Jun 15 00:18:47.305:  (C-1) code: no error(0)
*Jun 15 00:18:47.305:        prefix: 32, mtu: 9976, hd_time: 7200
*Jun 15 00:18:47.305:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 255
*Jun 15 00:18:47.305: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 52.40.101.226
*Jun 15 00:18:47.305: NHRP: 116 bytes out Tunnel0

HUB-CSR-AWS:
=============
PUBLIC IP:52.40.101.226

!
crypto isakmp policy 10
 encr aes 256
 hash md5
 authentication pre-share
 group 5
crypto isakmp key NET123 address 0.0.0.0
!
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set xform
 set pfs group5
!
interface Loopback0
 ip address 192.168.5.1 255.255.255.0
!
interface Tunnel0
 ip address 172.16.200.11 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp shortcut
 ip nhrp redirect
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
!
interface GigabitEthernet1
 ip address dhcp
 ip access-group 100 in
 negotiation auto
!

 

Applied an ACL with the log option to capture the packets if they are coming from any spoke, but unable to see any.

Extended IP access list 100
    10 permit ip any any log (1140 matches)
!
interface GigabitEthernet1
 ip address dhcp
 ip access-group 100 in
 negotiation auto
end

ip-172-31-33-28#show logging
*Jun 15 00:14:43.965: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 221.194.44.218(35660) -> 172.31.33.28(22), 16 packets
*Jun 15 00:15:07.092: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.10(42605) -> 172.31.33.28(22), 1 packet
*Jun 15 00:15:32.731: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 121.18.238.10
*Jun 15 00:18:14.063: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.22(42659) -> 172.31.33.28(22), 15 packets
*Jun 15 00:20:13.981: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.10(42605) -> 172.31.33.28(22), 5 packets
*Jun 15 00:21:33.865: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.31(37599) -> 172.31.33.28(22), 1 packet
*Jun 15 00:21:59.334: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 73.220.149.55(57991) -> 172.31.33.28(22), 1 packet
*Jun 15 00:23:16.522: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 221.194.44.219(47765) -> 172.31.33.28(22), 1 packet

No NHRP REQUEST COMING TO HUB FROM SPOKE OR NO REPLY FROM HUB TO SPOKE

ip-172-31-33-28(config)#interface tunnel 0
ip-172-31-33-28(config-if)#shu
ip-172-31-33-28(config-if)#shutdown
ip-172-31-33-28(config-if)#no s
*Jun 15 00:31:04.940: NHRP: if_admindown: Tunnel0
*Jun 15 00:31:04.940: NHRP: if_down: Tunnel0 proto NHRP_IPv4
*Jun 15 00:31:04.940: NHRP: if_down: Tunnel0 proto NHRP_IPv4hu
ip-172-31-33-28(config-if)#no shutdown
ip-172-31-33-28(config-if)#
*Jun 15 00:31:06.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Jun 15 00:31:06.940: %LINK-5-CHANGED: Interface Tunnel0, changed state to administratively down
ip-172-31-33-28(config-if)#
*Jun 15 00:31:07.034: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
*Jun 15 00:31:07.034: NHRP: Registration with Tunnels Decap Module succeeded
*Jun 15 00:31:07.034: NHRP: Adding all static maps to cache
*Jun 15 00:31:08.033: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:09.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Jun 15 00:31:09.034: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
*Jun 15 00:31:09.035: NHRP: Registration with Tunnels Decap Module succeeded
*Jun 15 00:31:09.035: NHRP: Adding all static maps to cache
*Jun 15 00:31:09.036: NHRP: Unable to send Registration - no NHSes configured
*Jun 15 00:31:09.036: %LINK-3-UPDOWN: Interface Tunnel0, changed state to up
*Jun 15 00:31:10.034: NHRP: Unable to send Registration - no NHSes configured

No matching for gre or nhrp protocol number 54

ip-172-31-33-28#show access-lists
Extended IP access list 100
    10 permit gre any any log
    20 permit 54 any any log
    30 permit ip any any (22 matches)
ip-172-31-33-28#

SPOKE-CSR-AZURE:
================
PUBLIC IP:40.112.213.43

CSR1000V-AZURE#show configuration | beg crypto
crypto isakmp policy 10
 encr aes 256
 hash md5
 authentication pre-share
 group 5
crypto isakmp key NET123 address 0.0.0.0
!
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set xform
 set pfs group5
!
interface Tunnel0
 ip address 172.16.200.13 255.255.255.0
 no ip redirects
 ip nhrp map multicast 52.40.101.226
 ip nhrp map 172.16.200.11 52.40.101.226
 ip nhrp network-id 1
 ip nhrp nhs 172.16.200.11
 ip nhrp shortcut
 ip nhrp redirect
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
!
interface GigabitEthernet1
 ip address dhcp
 negotiation auto
!

Spoke sending NHRP Request to Hub but no reply from Hub

*Jun 15 00:35:49.512: NHRP: Setting retrans delay to 64 for nhs  dst 172.16.200.11
*Jun 15 00:35:49.512: NHRP: Attempting to send packet through interface Tunnel0 via DEST  dst 172.16.200.11
*Jun 15 00:35:49.512: NHRP: Send Registration Request via Tunnel0 vrf global(0x0), packet size: 92
*Jun 15 00:35:49.512:  src: 172.16.200.13, dst: 172.16.200.11
*Jun 15 00:35:49.512:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1
*Jun 15 00:35:49.512:      shtl: 4(NSAP), sstl: 0(NSAP)
*Jun 15 00:35:49.512:      pktsz: 92 extoff: 52
*Jun 15 00:35:49.512:  (M) flags: "unique nat ", reqid: 15
*Jun 15 00:35:49.512:      src NBMA: 10.10.0.4
*Jun 15 00:35:49.512:      src protocol: 172.16.200.13, dst protocol: 172.16.200.11
*Jun 15 00:35:49.512:  (C-1) code: no error(0)
*Jun 15 00:35:49.512:        prefix: 32, mtu: 9976, hd_time: 7200
*Jun 15 00:35:49.512:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 255
*Jun 15 00:35:49.512: NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 52.40.101.226
*Jun 15 00:35:49.512: NHRP: 116 bytes out Tunnel0

Regards

Syed.
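
An added triage script, not part of the original post: it tallies the hub ACL log lines quoted above and separates anything that could be DMVPN traffic (GRE, ESP, UDP 500/4500, or a spoke public IP) from inbound SSH hits. The log layout for port-less protocols such as GRE is an assumption, and `summarize` is a name chosen for this example.

```python
import re
from collections import Counter

# Hub "show logging" ACL lines copied from the post above (not constructed).
HUB_LOG = """\
*Jun 15 00:14:43.965: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 221.194.44.218(35660) -> 172.31.33.28(22), 16 packets
*Jun 15 00:15:07.092: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.10(42605) -> 172.31.33.28(22), 1 packet
*Jun 15 00:18:14.063: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.22(42659) -> 172.31.33.28(22), 15 packets
*Jun 15 00:20:13.981: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.10(42605) -> 172.31.33.28(22), 5 packets
*Jun 15 00:21:33.865: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 121.18.238.31(37599) -> 172.31.33.28(22), 1 packet
*Jun 15 00:21:59.334: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 73.220.149.55(57991) -> 172.31.33.28(22), 1 packet
*Jun 15 00:23:16.522: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image:  list 100 permitted tcp 221.194.44.219(47765) -> 172.31.33.28(22), 1 packet
"""

# Spoke public IPs as given in the post.
SPOKE_PUBLIC_IPS = {"54.191.183.223", "40.112.213.43"}

# On the outer interface NHRP is carried inside GRE (IP protocol 47); with
# tunnel protection it shows up as ESP (50) or IKE/NAT-T on UDP 500/4500.
TUNNEL_PROTOS = {"gre", "esp", "47", "50"}
TUNNEL_UDP_PORTS = {500, 4500}

# Assumption: port-less protocols are logged in the same layout minus "(port)".
ACL_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+(?:\.\d+){3})(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\((?P<dport>\d+)\))?, (?P<pkts>\d+) packets?"
)

def summarize(log_text, spoke_ips):
    """Return (tunnel_hits, ssh_sources) from IOS XE ACL log lines."""
    tunnel_hits, ssh_sources = [], Counter()
    for m in ACL_RE.finditer(log_text):
        proto, src, pkts = m["proto"].lower(), m["src"], int(m["pkts"])
        dport = int(m["dport"]) if m["dport"] else None
        is_tunnel = (proto in TUNNEL_PROTOS or src in spoke_ips
                     or (proto == "udp" and dport in TUNNEL_UDP_PORTS))
        if is_tunnel:
            tunnel_hits.append((src, proto, dport, pkts))
        elif proto == "tcp" and dport == 22:
            ssh_sources[src] += pkts  # per-interval counts, summed per source
    return tunnel_hits, dict(ssh_sources)

if __name__ == "__main__":
    hits, ssh = summarize(HUB_LOG, SPOKE_PUBLIC_IPS)
    print("tunnel-related hits:", hits or "none")
    for src, pkts in sorted(ssh.items(), key=lambda kv: -kv[1]):
        print(f"ssh to hub from {src}: {pkts} packets")
```

On the quoted lines it finds no tunnel-related hits and six distinct sources reaching TCP/22 on the hub, so every logged match was Internet SSH traffic. Limiting SSH to known management addresses in the ACL or cloud security group removes that noise and the exposure, whatever the cause of the NHRP problem.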

16 Replies

Did you fix this issue? I am having the same problem

Hi Fan ,

  Still waiting for your reply, if you could check internally whether I am missing something or if there is any known issue.

Regards

Syed.