Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
2
Helpful
6
Replies

DMVPN flapping

Shadow7777777
Level 1
Level 1

‎08-25-2023 09:43 AM

Hello,

We have some problem with one of our DMVPN config.

Shadow7777777_0-1692981300994.png

 

Our customer is reporting a problem with the DMVPN tunnel disconnecting for one of their branches. Tunnel restart on branch router may temporarily solve the problem. Deleting and re-entering the configuration on the branch router also sometimes resolves problem. However, none of the above solutions are stable and long-lasting.

Why this is happening, what we should check?

There is one log comming from IKE:

failed its sanity check or is malformed <-- can this be a couse of this? 

Whole config and some logs attached.

Many thanks for any advices or hints.

Labels:
Preview file
21 KB
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎08-25-2023 09:59 AM

i am going to review the config  more detailed

High level on the Hub and Spoke, how come the IP address in the tunnel are duplicate ?

for testing Shutdown the Duplicate Tunnel interface and check the stability ?

Still issue provide what router and IOS code running ? is this issue from the Day 1 of deployment ? or been running and suddendly you see this issue ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Shadow7777777
Level 1
Level 1
In response to balaji.bandi

‎08-27-2023 09:21 AM

 

So maybe questions are, what configuration data are we missing for analysis (with what commands we can get them) except of those I attached in setup and log file? What information about the network topology we are missing? What information We are missing from the description of the problem itself?

Do we have a suspicion what could be the cause of the problem and how to fix it? Or any temporary workaround? 

 

I will try to collect this data and post it here to get this topic more covered.

0 Helpful

paul driver
VIP
VIP
In response to Shadow7777777

‎08-28-2023 02:15 PM

Hello
i would also check your routing, I suspect you are not creating the correct S2S peering dynamically and everything is being routed via the hubs, given that you were missing those commands on the NHS I previously mentioned 

sh ip nhrp details
traceroute xxxxx numeric


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

paul driver
VIP
VIP

‎08-28-2023 04:15 AM

Hello
I dont see your hubs setup for dynamic routing (multicast) which is required, also by default eigrp will change the next-hop address to itself when it receives then advertises prefixes towards the NHC, so this needs to negated as well.

HUBS
Int tun1
no ip next-hop-self eigrp 1
ip nhrp map multicast dynamic


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Shadow7777777
Level 1
Level 1

‎08-28-2023 05:50 AM

Hello,

Just to mention solution, there was problem with IPsec, we can see in logs different spokes are connecting to HUB with the same public IP which was after some time giving link going down.

balaji.bandi
Hall of Fame
Hall of Fame
In response to Shadow7777777

‎08-28-2023 01:50 PM

glad all good i was suspecting some config - but good to know you fixed the issue.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card