DMVPN NAT problem. Attrb N does not appear

eduardomora473

We are having a problem with the DMVPN configuration. There is a hub router and several spokes at the branches. The spoke routers are behind NAT devices, so they have private addresses. When the hub router builds its DMVPN table, it uses the private address as the Peer NBMA Addr. Does anyone know why this occurs and how to solve this issue? The main issue is that it is possible for the spokes to have the same private address and then they cannot register with the hub router due to the unique attribute.

Example:

show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable, I2 - Temporary
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel90, IPv4 NHRP Details
Type:Hub, NHRP Peers:10,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.168.11.12 90.1.0.2 UP 00:18:22 D


Accepted Solution

Indeed, yes.
The hub must detect that the NBMA is different from the NHRP register.

show ip nhrp

The claimed NBMA must be shown here. If it is not, and you use an IPsec profile to secure the DMVPN, please set the mode to transport.


NBMA address is tunnel ip config in the spoke.
Tunnel address is the public IP address of the spoke.
The unique affects the public IP address, not the NBMA address; this feature makes your spoke with the same NBMA not have two different public IPs, "especially in the case of a public IP obtained from the ISP via DHCP".
After that, where does the NAT cause an issue here?

When the hub router detects that the spoke is behind NAT, it uses the attribute N and the public address as the peer identifier. But on our organization's router the N attribute does not appear.

That is a good idea! I will try it and let you know if this works.
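
As an added example (not part of any post in this thread), the symptom discussed above can be checked on a hub by parsing show dmvpn output and listing peers whose Peer NBMA Addr is an RFC 1918 address while Attrb lacks N. The function names and the second and third sample rows are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges only; ipaddress.is_private is broader (it also covers documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One peer row of "show dmvpn": # Ent, Peer NBMA Addr, Peer Tunnel Add, State, UpDn Tm, Attrb
ROW = re.compile(
    r"^\s*(?P<ent>\d+)\s+(?P<nbma>\d+(?:\.\d+){3})\s+(?P<tunnel>\d+(?:\.\d+){3})"
    r"\s+(?P<state>\S+)\s+(?P<updn>\S+)\s+(?P<attrb>[A-Z0-9]+)\s*$"
)

def parse_peers(output):
    """Return one dict per peer row; legend, header and separator lines are skipped."""
    peers = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            peers.append(m.groupdict())
    return peers

def private_without_nat_flag(output):
    """Peers registered with an RFC 1918 NBMA address but no N (NATed) attribute."""
    findings = []
    for p in parse_peers(output):
        addr = ipaddress.ip_address(p["nbma"])
        if any(addr in net for net in RFC1918) and "N" not in p["attrb"]:
            findings.append((p["tunnel"], p["nbma"], p["attrb"]))
    return findings

# Constructed sample: the first row is the one from the post; the other two rows
# are made up (203.0.113.10 is a documentation address standing in for a public IP).
SAMPLE = """\
Interface: Tunnel90, IPv4 NHRP Details
Type:Hub, NHRP Peers:10,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.11.12          90.1.0.2    UP 00:18:22     D
     1 203.0.113.10           90.1.0.3    UP 00:05:01    DN
     1 10.20.30.40            90.1.0.4    UP 00:00:12     D
"""

if __name__ == "__main__":
    for tunnel, nbma, attrb in private_without_nat_flag(SAMPLE):
        print(f"{tunnel}: NBMA {nbma} is private, Attrb={attrb} (no N)")
```

On a DMVPN that runs over a private WAN with no NAT in the path, private NBMA addresses without N are expected, so treat the findings as candidates to compare against show ip nhrp.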
