02-27-2008 08:44 AM - edited 02-21-2020 01:55 AM
I'm trying to create a mesh network using dmvpn, and everything works great until I put an ASA5520 in front of the hub router (2801). The ASA initially blocked all communication to the spokes, but after browsing the forums I found the following commands:
static (inside,outside) udp pub_add 500 192.168.0.2 500 netmask 255.255.255.255
static (inside,outside) udp pub_add 4500 192.168.0.2 4500 netmask 255.255.255.255
static (inside,outside) tcp pub_add 50 192.168.0.2 50 netmask 255.255.255.255
global (outside) 1 pub_add
nat (inside) 1 192.168.0.2 255.255.255.255
crypto isakmp nat-t
With those commands in place the spokes show a dmvpn connection (sh dmvpn) but cannot ping the hub network. The spokes are also able to create a connection (ping) to each other.
If anyone has any suggestions I'd really appreciate the help.
Thanks!
03-04-2008 11:50 AM
Much of the problem stems from the MTU size in the traversal path. See http://cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml for more information.
03-05-2008 11:52 AM
Thanks so much for your reply! I think you've pointed me in a good direction and I've been playing with the MTU size since your post yesterday.
I was wondering though if you could help me narrow my focus. I've been playing with the MTU size on the tunnel interfaces, but it doesn't seem to be affecting the problem. Am I changing the wrong interface?
Thanks!
03-27-2008 02:23 PM
I believe the issue is with your third static statement. ESP is using IP protocol # 50, not TCP port 50.
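An added illustration of the protocol-versus-port distinction raised in the reply above (not part of the original thread): it matches constructed sample packets against the three port forwards from the first post. The addresses are documentation-range placeholders and the helper names are hypothetical.

```python
import struct

# Port forwards from the first post, as (transport, public port). The
# address "pub_add" is a placeholder there, so only protocol/port are modelled.
STATIC_RULES = {("udp", 500), ("udp", 4500), ("tcp", 50)}
IP_PROTO = {6: "tcp", 17: "udp", 50: "esp"}  # IANA IP protocol numbers


def ipv4_packet(proto, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([198, 51, 100, 10]),  # documentation address
                         bytes([203, 0, 113, 1]))    # documentation address
    return header + payload


def matching_rule(packet):
    """Return the (transport, port) forward this packet matches, or None."""
    ihl = (packet[0] & 0x0F) * 4
    transport = IP_PROTO.get(packet[9])  # byte 9 = IP protocol field
    if transport not in ("tcp", "udp"):
        return None  # ESP carries an SPI after the IP header, not ports
    (dst_port,) = struct.unpack("!H", packet[ihl + 2:ihl + 4])
    rule = (transport, dst_port)
    return rule if rule in STATIC_RULES else None


def udp(dst_port, data=b""):
    """Constructed UDP header (checksum 0) followed by data."""
    return struct.pack("!HHHH", dst_port, dst_port, 8 + len(data), 0) + data


ESP = struct.pack("!II", 0x1000, 1) + b"\x00" * 16  # SPI, sequence, ciphertext
SAMPLES = {
    "IKE": ipv4_packet(17, udp(500)),
    "ESP in UDP (NAT-T)": ipv4_packet(17, udp(4500, ESP)),
    "native ESP": ipv4_packet(50, ESP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} -> {matching_rule(pkt)}")
```

Native ESP matches none of the forwards, the TCP port 50 one included, while IKE and NAT-T encapsulated ESP match the UDP 500 and UDP 4500 entries.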
06-15-2008 10:30 PM
Did you ever get this resolved? I am having a similar problem, and I am just curious about your results.
06-16-2008 03:54 AM
TAC looked at my problem and told me that the DMVPN config was correct. My problem was that there is a bug in the IOS. Simply disabling and re-enabling NAT-T did it for me.
Bug Id: CSCso38702
Hope that helps!