Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2390
Views
0
Helpful
4
Replies

Different types of tunnels

Robert Craig
Level 3
Level 3

‎03-09-2013 01:49 PM - edited ‎03-04-2019 07:14 PM

Can one router terminate a SVTI in addition to being a DMVPN hub? It seems like when I turn on the DMVPN interface, the SVTI tunnel disconnects itself.

Labels:
0 Helpful
4 Replies 4

Peter Paluch
Cisco Employee
Cisco Employee

‎03-09-2013 02:08 PM

Robert,

Can you post a configuration of both interfaces and a description or a configuration of the resulting routing? I suspect more that after you start the DMVPN, the routing changes in such a way that it influences the destination of the SVTI.

Best regards,

Peter

0 Helpful

Robert Craig
Level 3
Level 3
In response to Peter Paluch

‎03-09-2013 06:27 PM

No problem. As you can see below, Tunnel 1 is the SVTI to the spoke. The minute I 'no shut' Tunnel 5, I lose the connection through Tunnel 1. I am using OSPF, but even when I had static routes, it failed.

Hub side

interface Tunnel1

bandwidth 5000

bandwidth receive 2000

ip address 10.10.10.1 255.255.255.248

ip mtu 1446

ip ospf 1 area 0

load-interval 30

qos pre-classify

keepalive 10 3

tunnel source GigabitEthernet0/0

tunnel destination 184.185.X.X

tunnel mode ipsec ipv4

tunnel protection ipsec profile Rogers-VPN

service-policy output Tunnel-to-Rogers

interface Tunnel5

ip address 10.10.20.1 255.255.255.0

no ip redirects

ip mtu 1472

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip tcp adjust-mss 1400

ip ospf 1 area 0

shutdown

keepalive 10 3

tunnel source Loopback0

tunnel mode gre multipoint

tunnel key 50

Spoke Side

interface Tunnel1

bandwidth 2000

bandwidth receive 5000

ip address 10.10.10.2 255.255.255.248

ip mtu 1446

ip ospf 1 area 0

qos pre-classify

keepalive 10 3

tunnel source FastEthernet0/0

tunnel mode ipsec ipv4

tunnel destination 68.3.X.X

tunnel protection ipsec profile Rob-House-VPN

service-policy output Tunnel-to-AZ

interface Tunnel3

description Test

ip address 10.10.20.2 255.255.255.0

no ip redirects

ip mtu 1472

ip nhrp map 10.10.20.1 68.3.102.45

ip nhrp map multicast 68.3.102.45

ip nhrp network-id 1

ip nhrp nhs 10.10.20.1

ip tcp adjust-mss 1400

ip ospf 1 area 0

shutdown

keepalive 10 3

tunnel source 184.185.209.53

tunnel mode gre multipoint

tunnel key 50

tunnel protection ipsec profile Rob-House-VPN

0 Helpful

Robert Craig
Level 3
Level 3
In response to Robert Craig

‎03-09-2013 06:29 PM

I guess a better question would be is it possible to have the same router be the 'hub' of more than one tunnel? I only have one IP from my ISP, but would like to terminate different types of tunnels.

0 Helpful

Robert Craig
Level 3
Level 3
In response to Robert Craig

‎03-10-2013 11:20 AM

I figured it out. I had some static routes stuck that was preventing it from working. The plain GRE tunnels came up when I removed the static routes. What I noticed is that IPSEC doesn't like when the router is using virtual-templates (DVTI) and trying to be a DMVPN hub with ipsec protection at the same time. In other words, the same router can't be a VPN client hub and DMVPN hub. Can anyone confirm that limitation?

0 Helpful
Customers Also Viewed These Support Documents