DMVPN tunnel up also crypto session but can't ping S2S

nabil_shokery
Level 1

Dears,

     I configured a DMVPN tunnel between HUB and SPOK (refer to the following configuration), but we can't ping the tunnel IP while the tunnel is up and the crypto session is also active. Can you check and guide me to the reason? (Note: I am doing this lab on GNS3.)

HUB Configuration

!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
!
!
crypto ipsec transform-set dmvpn esp-aes esp-sha-hmac
 mode transport
crypto ipsec fragmentation after-encryption
!
crypto ipsec profile dmvpn
 set security-association lifetime seconds 86400
 set security-association idle-time 86400
 set transform-set dmvpn
!
interface Loopback0
 ip address 9.9.9.9 255.255.255.255
!
interface Tunnel1
 ip address 4.4.4.1 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip nhrp authentication 1
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip tcp adjust-mss 1300
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile dmvpn
!
interface Serial1/0
 ip address 1.1.1.1 255.255.255.252
 serial restart-delay 0
!

SPOK Configuration

!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 9.9.9.9
crypto isakmp keepalive 10 3 periodic
!
!
crypto ipsec transform-set dmvpn esp-aes esp-sha-hmac
 mode transport
crypto ipsec fragmentation after-encryption
!
crypto ipsec profile dmvpn
 set transform-set dmvpn
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface Tunnel1
 ip address 4.4.4.2 255.255.255.252
 ip mtu 1400
 ip nhrp authentication 1
 ip nhrp map multicast 9.9.9.9
 ip nhrp map 4.4.4.1 9.9.9.9
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs 4.4.4.1
 ip nhrp registration no-unique
 ip tcp adjust-mss 1300
 tunnel source Serial1/0
 tunnel destination 9.9.9.9
 tunnel key 1
 tunnel protection ipsec profile dmvpn
!
interface Serial1/0
 ip address 1.1.1.2 255.255.255.252
 serial restart-delay 0
!
ip route 9.9.9.9 255.255.255.255 1.1.1.1

The show command output for this issue is as follows:

HUB / SPOK

HUB#show crypto session
Crypto session current status
Interface: Tunnel1
Session status: UP-ACTIVE
Peer: 1.1.1.2 port 500
  IKE SA: local 9.9.9.9/500 remote 1.1.1.2/500 Active
  IPSEC FLOW: permit 47 host 9.9.9.9 host 1.1.1.2
        Active SAs: 2, origin: crypto map

SPOK1#show crypto session
Crypto session current status
Interface: Tunnel1
Session status: UP-ACTIVE
Peer: 9.9.9.9 port 500
  IKE SA: local 1.1.1.2/500 remote 9.9.9.9/500 Active
  IKE SA: local 1.1.1.2/500 remote 9.9.9.9/500 Inactive
  IPSEC FLOW: permit 47 host 1.1.1.2 host 9.9.9.9
        Active SAs: 2, origin: crypto map

HUB#show ip nhrp

SPOK1#sh ip nhrp
4.4.4.1/32 via 4.4.4.1, Tunnel1 created 03:46:17, never expire
  Type: static, Flags: authoritative
  NBMA address: 9.9.9.9

HUB#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  administratively down down
Serial1/0              1.1.1.1         YES manual up                    up
Serial1/1              2.2.2.1         YES manual up                    down
Serial1/2              unassigned      YES unset  administratively down down
Serial1/3              unassigned      YES unset  administratively down down
Serial1/4              unassigned      YES unset  administratively down down
Serial1/5              unassigned      YES unset  administratively down down
Serial1/6              unassigned      YES unset  administratively down down
Serial1/7              unassigned      YES unset  administratively down down
Loopback0              9.9.9.9         YES manual up                    up
Tunnel1                4.4.4.1         YES manual up                    up

HUB#ping 4.4.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

HUB#ping 4.4.4.2 so
HUB#ping 4.4.4.2 source 4.4.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.1
.....
Success rate is 0 percent (0/5)

SPOK1#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  administratively down down
Serial1/0              1.1.1.2         YES manual up                    up
Serial1/1              unassigned      YES unset  administratively down down
Serial1/2              unassigned      YES unset  administratively down down
Serial1/3              unassigned      YES unset  administratively down down
Serial1/4              unassigned      YES unset  administratively down down
Serial1/5              unassigned      YES unset  administratively down down
Serial1/6              unassigned      YES unset  administratively down down
Serial1/7              unassigned      YES unset  administratively down down
Loopback0              8.8.8.8         YES manual up                    up
Tunnel1                4.4.4.2         YES manual up                    up

SPOK1#ping 4.4.4.1 source 4.4.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.1, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.2
.....
Success rate is 0 percent (0/5)

SPOK1#ping 9.9.9.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/28/72 ms
