Solved: DMVPN mGRE tunnel issue

rathinilesh · ‎08-08-2012

Hi,

i am trying to get my hands dirty with mGRE. Please check the attached image. It a fairly basic scenario. R2 as the hub and R4 as a branch router. The eigrp neighborship between the two tunnel interfaces is not coming up. If I configure "tunnel destination 10.1.34.4" on R2 then the eigrp neighborship between the two tunnel interfaces comes up successfully. I am not sure what am I missing.

My configs are as below

R2#

crypto isakmp policy 10

encr 3des

authentication pre-share

crypto isakmp key bigsecret address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 10

crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac

mode transport

crypto ipsec profile VPN-DMVPN

set security-association lifetime seconds 120

set transform-set vpn-test

interface Tunnel0

bandwidth 1536

ip address 10.1.24.2 255.255.255.0

ip mtu 1300

tunnel source FastEthernet0/1

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile VPN-DMVPN

router eigrp 24

network 10.1.12.2 0.0.0.0

network 10.1.24.2 0.0.0.0

no auto-summary

eigrp router-id 2.2.2.2

R4#

crypto isakmp policy 10

encr 3des

authentication pre-share

crypto isakmp key bigsecret address 10.1.23.2

crypto isakmp keepalive 10

crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac

mode transport

crypto ipsec profile VPN-DMVPN

set security-association lifetime seconds 120

set transform-set vpn-test

interface Tunnel0

bandwidth 1536

ip address 10.1.24.4 255.255.255.0

ip mtu 1300

tunnel source FastEthernet0/0

tunnel destination 10.1.23.2

tunnel key 100000

tunnel protection ipsec profile VPN-DMVPN

router eigrp 24

network 10.1.24.4 0.0.0.0

network 10.1.45.4 0.0.0.0

no auto-summary

eigrp router-id 4.4.4.4

answanso · ‎08-08-2012

Hi Nilesh,

You are missing the NHRP mappings required to make mGRE work. You will also need to disable split horizon on the hub. Try the following configuration:

R2#

interface Tunnel0

bandwidth 1536

ip address 10.1.24.2 255.255.255.0

ip mtu 1300

ip nhrp map multicast dynamic

ip nhrp network-id 100

ip hhrp holdtime 600

no ip split-horizon eigrp

tunnel source FastEthernet0/1

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile VPN-DMVPN

R4#

interface Tunnel0

bandwidth 1536

ip address 10.1.24.4 255.255.255.0

ip mtu 1300

ip nhrp map 10.1.24.2 fa0/1-ipaddress

ip nhrp network-id 100

ip hhrp holdtime 600

ip nhrp nhs 10.1.24.2

tunnel source FastEthernet0/0

tunnel destination 10.1.23.2

tunnel key 100000

tunnel protection ipsec profile VPN-DMVPN

Here is a document that explains the configuration a little further:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

HTH

Anthony

View solution in original post

answanso · ‎08-08-2012

Hi Nilesh,

You are missing the NHRP mappings required to make mGRE work. You will also need to disable split horizon on the hub. Try the following configuration:

R2#

interface Tunnel0

bandwidth 1536

ip address 10.1.24.2 255.255.255.0

ip mtu 1300

ip nhrp map multicast dynamic

ip nhrp network-id 100

ip hhrp holdtime 600

no ip split-horizon eigrp

tunnel source FastEthernet0/1

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile VPN-DMVPN

R4#

interface Tunnel0

bandwidth 1536

ip address 10.1.24.4 255.255.255.0

ip mtu 1300

ip nhrp map 10.1.24.2 fa0/1-ipaddress

ip nhrp network-id 100

ip hhrp holdtime 600

ip nhrp nhs 10.1.24.2

tunnel source FastEthernet0/0

tunnel destination 10.1.23.2

tunnel key 100000

tunnel protection ipsec profile VPN-DMVPN

Here is a document that explains the configuration a little further:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

HTH

Anthony

rathinilesh · ‎08-13-2012

Hi Anthony,

Thank you for your reply. Your config/example worked for me. I had initially added the nhrp statements but had messed it up and couldn't bring up the tunnel. I also managed to get a Dual Hub Single DMVPN to work.

Regards,

Nilesh