02-02-2022 11:03 AM - last edited on 02-04-2022 08:59 PM by Translator
We are having a problem with the DMVPN configuration. There is a hub router and several spokes at the branches. The spoke routers are behind NAT devices, so they have private addresses. When the hub router builds its DMVPN table, it uses the private address as the Peer NBMA Addr. Does anyone know why this occurs and how to solve this issue? The main issue is that it is possible that the spokes have the same private address and cannot register with the hub router due to the unique attribute.
Example:
show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable, I2 - Temporary
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel90, IPv4 NHRP Details
Type:Hub, NHRP Peers:10,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.168.11.12 90.1.0.2 UP 00:18:22 D
02-02-2022 11:15 AM - last edited on 02-04-2022 09:04 PM by Translator
NBMA address is tunnel ip config in the Spoke.
Tunnel address is the public IP address of the Spoke.
The unique affects the public IP address, not the NBMA address; this feature makes your spoke with the same NBMA not have two different public IPs, "especially in case the public IP is obtained from the ISP via DHCP".
After that, where does the NAT make an issue here?
02-02-2022 11:40 AM
When the hub router detects that the spoke is behind NAT, it uses the attribute N and the public address as the peer identifier. But on our organization's router the N attribute does not appear.
02-02-2022 02:45 PM - last edited on 02-04-2022 09:02 PM by Translator
Indeed, yes.
The hub must detect that the NBMA is different from the NHRP register.
show ip nhrp
This claimed NBMA must be shown; if not, and you use an IPsec profile to secure the DMVPN, please set the mode to transport.
02-02-2022 03:04 PM
That is a good idea! I will try and let you know if this functions.
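Added example, not part of the original thread: a small Python check for the symptom discussed above, a dynamic peer that the hub lists with a private (RFC 1918) NBMA address and no N attribute. The sample output is constructed around the row the original poster showed, and the function names are hypothetical; on a WAN that legitimately uses private NBMA addressing, a hit is expected.

```python
import ipaddress
import re

# Constructed sample of "show dmvpn" peer rows on a hub.
# The first row is the one quoted in the thread; the other two are made up.
SAMPLE = """\
Interface: Tunnel90, IPv4 NHRP Details
Type:Hub, NHRP Peers:3,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.11.12          90.1.0.2    UP 00:18:22     D
     1 203.0.113.7            90.1.0.3    UP 00:10:05    DN
     1 198.51.100.20          90.1.0.4    UP 01:02:44     D
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# One peer row: entry count, NBMA address, tunnel address, state, timer, flags.
ROW = re.compile(
    rf"^\s*(?P<ent>\d+)\s+(?P<nbma>{IPV4})\s+(?P<tunnel>{IPV4})\s+"
    r"(?P<state>\S+)\s+(?P<updn>\S+)\s+(?P<attrb>[A-Z0-9]+)\s*$"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_peers(text):
    """Return one dict per peer row; legend and header lines do not match."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]


def suspect_peers(text):
    """Dynamic peers registered with an RFC 1918 NBMA address and no N flag."""
    hits = []
    for peer in parse_peers(text):
        addr = ipaddress.ip_address(peer["nbma"])
        private = any(addr in net for net in RFC1918)
        if private and "D" in peer["attrb"] and "N" not in peer["attrb"]:
            hits.append((peer["tunnel"], peer["nbma"], peer["attrb"]))
    return hits


if __name__ == "__main__":
    for tunnel, nbma, attrb in suspect_peers(SAMPLE):
        print(f"{tunnel}: NBMA {nbma} is private, Attrb={attrb} (no N)")
```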