12-08-2015 05:23 AM - edited 03-03-2019 08:04 AM
Hello Everyone,
I'm having the next problem with a DMVPN Topology with IPSEC:
Everything looks ok, but when the hub goes down and comes back up, the spokes doesn't reconnect to it automatically (I have to enter to the Spoke and reset the interface with shutdown command).
I
s a Simple Dual DMVPN/Dual Hub Solution, this is the topology:
R1 Hub Configuration:
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco1233 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set transform2 esp-des esp-md5-hmac
!
crypto ipsec profile DMVPN_PROFILE
set transform-set transform2
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel1
ip address 200.0.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 1
no ip split-horizon eigrp 100
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DMVPN_PROFILE
!
interface FastEthernet0/0
ip address 190.0.0.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 192.168.1.0
network 200.0.1.0
no auto-summary
!
R2 Hub Configuration:
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco1233 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set transform2 esp-des esp-md5-hmac
!
crypto ipsec profile DMVPN_PROFILE
set transform-set transform2
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Tunnel1
ip address 200.0.2.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 2
no ip split-horizon eigrp 100
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile DMVPN_PROFILE
!
interface FastEthernet0/0
ip address 190.0.0.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 192.168.2.0
network 200.0.2.0
no auto-summary
!
R3-R4-R5 Spoke Configuration (The Same Config with Different IP Address):
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco1233 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set transform2 esp-des esp-md5-hmac
!
crypto ipsec profile DMVPN_PROFILE
set transform-set transform2
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface Tunnel1
ip address 200.0.1.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 200.0.1.1 190.0.0.1
ip nhrp map multicast 190.0.0.1
ip nhrp network-id 1
ip nhrp holdtime 10
ip nhrp nhs 200.0.1.1
ip nhrp registration timeout 3
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DMVPN_PROFILE shared
!
interface Tunnel2
ip address 200.0.2.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 200.0.2.1 190.0.0.2
ip nhrp map multicast 190.0.0.2
ip nhrp network-id 2
ip nhrp holdtime 10
ip nhrp nhs 200.0.2.1
ip nhrp registration timeout 3
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile DMVPN_PROFILE shared
!
interface FastEthernet0/0
ip address 190.0.0.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 192.168.3.0
network 200.0.1.0
network 200.0.2.0
no auto-summary
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanks,
Ramphis Che
03-05-2016 06:08 AM
put this command:
ip nhrp registration timeout 30
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide