01-03-2014 07:08 AM - edited 02-21-2020 07:25 PM
Dears,
I configures DMVPN tunnel but HUB and SPOK refer to the following configration but we can't ping tunnel IP while it is up also crypto session is active can check and guide me to know reason. (Note: I do this LAB on a GNS3)
HUB Cofiguration | SPOK Configuration |
---|---|
! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 10 3 periodic ! ! crypto ipsec transform-set dmvpn esp-aes esp-sha-hmac mode transport crypto ipsec fragmentation after-encryption ! crypto ipsec profile dmvpn set security-association lifetime seconds 86400 set security-association idle-time 86400 set transform-set dmvpn ! interface Loopback0 ip address 9.9.9.9 255.255.255.255 ! interface Tunnel1 ip address 4.4.4.1 255.255.255.252 no ip redirects ip mtu 1400 ip nhrp authentication 1 ip nhrp map multicast dynamic ip nhrp network-id 1 ip nhrp holdtime 600 ip tcp adjust-mss 1300 tunnel source Loopback0 tunnel mode gre multipoint tunnel key 1 tunnel protection ipsec profile dmvpn ! interface Serial1/0 ip address 1.1.1.1 255.255.255.252 serial restart-delay 0 ! | ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 9.9.9.9 crypto isakmp keepalive 10 3 periodic ! ! crypto ipsec transform-set dmvpn esp-aes esp-sha-hmac mode transport crypto ipsec fragmentation after-encryption ! crypto ipsec profile dmvpn set transform-set dmvpn ! interface Loopback0 ip address 8.8.8.8 255.255.255.255 ! interface Tunnel1 ip address 4.4.4.2 255.255.255.252 ip mtu 1400 ip nhrp authentication 1 ip nhrp map multicast 9.9.9.9 ip nhrp map 4.4.4.1 9.9.9.9 ip nhrp network-id 1 ip nhrp holdtime 600 ip nhrp nhs 4.4.4.1 ip nhrp registration no-unique ip tcp adjust-mss 1300 tunnel source Serial1/0 tunnel destination 9.9.9.9 tunnel key 1 tunnel protection ipsec profile dmvpn ! interface Serial1/0 ip address 1.1.1.2 255.255.255.252 serial restart-delay 0 ! ip route 9.9.9.9 255.255.255.255 1.1.1.1 |
Show command for this issue as the following:
HUB | SPOK |
---|---|
HUB#show crypto session Crypto session current status Interface: Tunnel1 Session status: UP-ACTIVE Peer: 1.1.1.2 port 500 IKE SA: local 9.9.9.9/500 remote 1.1.1.2/500 Active IPSEC FLOW: permit 47 host 9.9.9.9 host 1.1.1.2 Active SAs: 2, origin: crypto map | SPOK1#show crypto session Crypto session current status Interface: Tunnel1 Session status: UP-ACTIVE Peer: 9.9.9.9 port 500 IKE SA: local 1.1.1.2/500 remote 9.9.9.9/500 Active IKE SA: local 1.1.1.2/500 remote 9.9.9.9/500 Inactive IPSEC FLOW: permit 47 host 1.1.1.2 host 9.9.9.9 Active SAs: 2, origin: crypto map |
HUB#show ip nhrp | SPOK1#sh ip nhrp 4.4.4.1/32 via 4.4.4.1, Tunnel1 created 03:46:17, never expire Type: static, Flags: authoritative NBMA address: 9.9.9.9 |
HUB#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down Serial1/0 1.1.1.1 YES manual up up Serial1/1 2.2.2.1 YES manual up down Serial1/2 unassigned YES unset administratively down down Serial1/3 unassigned YES unset administratively down down Serial1/4 unassigned YES unset administratively down down Serial1/5 unassigned YES unset administratively down down Serial1/6 unassigned YES unset administratively down down Serial1/7 unassigned YES unset administratively down down Loopback0 9.9.9.9 YES manual up up Tunnel1 4.4.4.1 YES manual up up HUB#ping 4.4.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) HUB#ping 4.4.4.2 so HUB#ping 4.4.4.2 source 4.4.4.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds: Packet sent with a source address of 4.4.4.1 ..... Success rate is 0 percent (0/5) | SPOK1#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down Serial1/0 1.1.1.2 YES manual up up Serial1/1 unassigned YES unset administratively down down Serial1/2 unassigned YES unset administratively down down Serial1/3 unassigned YES unset administratively down down Serial1/4 unassigned YES unset administratively down down Serial1/5 unassigned YES unset administratively down down Serial1/6 unassigned YES unset administratively down down Serial1/7 unassigned YES unset administratively down down Loopback0 8.8.8.8 YES manual up up Tunnel1 4.4.4.2 YES manual up up SPOK1#ping 4.4.4.1 source 4.4.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.1, timeout is 2 seconds: Packet sent with a source address of 4.4.4.2 ..... Success rate is 0 percent (0/5) SPOK1#ping 9.9.9.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/28/72 ms |