Solved: DMVPN behavior question

Michael Pagan · ‎05-23-2012

I have successfully setup DMVPN between 28XX and 29XX series routers but there is a behavior with the technology that I am curious about. When the tunnels are up and working everything is working great. I have noticed that if the WAN connection drops (mine are primarily Ethernet connections) the affected VPN connection drops and does not recover until I issue a shutdown/no shutdown command on the tunnel0 interface.

Is there a way to configure my routers to reattempt to make a connection without having to manually shutdown the tunnel0 interface? I can post my configs if helpful, but they are about as vanilla as you can get since I follow the DMVPN wizard found in the Cisco Configuration Professional utility.

Thanks for any information you can provide.

Mike

Jeff Van Houten · ‎05-26-2012

Make sure you have Ike keepalives on the remote ends. This will force the tunnels down when there is a wan drop, and you're more likely to get a renew when the connection is restored.

Sent from Cisco Technical Support iPad App

View solution in original post

Joseph W. Doherty · ‎05-24-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

How current is the IOS versions? I've seen similar problems on p2p VPN tunnels that seemed to be corrected after updating the IOS.

Michael Pagan · ‎05-26-2012

I updated to 15.2 something (i dont remember for sure right now) but this really did not change the behavior. In my lab setup I pulled ths WAN connection for a hub (i have dual hubs setup) and the conection didn't recover for 45 minutes. After that it fired back up. I saved the logging message but im not at my co?puter now so I can post them later.

Kishore Chennupati · ‎05-24-2012

perhaps check the bug tool kit to see if your IOS has any related bugs or post your IOS here. Joseph Doherty is a gun with DMVPN's. He will be able to tell you like that

Jeff Van Houten · ‎05-26-2012

Make sure you have Ike keepalives on the remote ends. This will force the tunnels down when there is a wan drop, and you're more likely to get a renew when the connection is restored.

Sent from Cisco Technical Support iPad App

Michael Pagan · ‎05-26-2012

What command do I set the keep alives with. I dont remember seeing any keepalive lines in the config. When i get back to my computer i can double check.

Jeff Van Houten · ‎05-26-2012

Crypto isakmp keepalive

Sent from Cisco Technical Support iPad App

Michael Pagan · ‎06-11-2012

Sorry for the slow response. It appears that this was the line that I needed to recover from WAN issues faster. It worked well when I had the routers on my desk so now that they're in the field I expect them to work the same.

Mike