03-16-2009 02:59 AM - edited 03-04-2019 03:56 AM
Hello!
Please see the configuration below.
Everythind is working w/o tunnel protection. NHRP registrations are completed, VRF eigrp is working.
If i set the tunnel protection the NHRP client registraton turn into incomplete and VRF eigrp does not working also. ( because of lack of multicast )
I've checked many config on CCO but everythin was in vain.
Thanks
!HUB
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key conet address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
!
!
!
!
!
!
!
interface Loopback0
ip address 172.0.1.1 255.255.255.255
!
interface Tunnel0
bandwidth 1000
ip vrf forwarding security
ip address 10.255.255.254 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication conet
ip nhrp map multicast dynamic
ip nhrp network-id 200
ip nhrp holdtime 360
ip tcp adjust-mss 1360
delay 1000
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 1000
tunnel protection ipsec profile SDM_Profile1
-------------
! SPOKE
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key conet address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
!
!
!
!
!
!
!
interface Loopback0
description teszt if
ip vrf forwarding security
ip address 172.2.1.1 255.255.255.255
!
interface Tunnel0
bandwidth 1000
ip vrf forwarding security
ip address 10.255.255.2 255.255.255.0
ip mtu 1400
ip nhrp authentication conet
ip nhrp map 10.255.255.254 255.255.255.0 209.209.209.209
ip nhrp map multicast 209.209.209.209
ip nhrp network-id 2
ip nhrp holdtime 360
ip nhrp nhs 10.255.255.254
ip tcp adjust-mss 1360
delay 1000
tunnel source Serial0/0/0
tunnel destination 172.0.1.1
tunnel key 1000
tunnel protection ipsec profile SDM_Profile1
03-16-2009 06:24 AM
Hello Karoly,
what you see can be caused by the IOS image on the hub.
What platform and what IOS release you use as Hub ? and for the spoke ?
you can use feature navigator to verify if you have VRF aware NHRP support in your release
see
Hope to help
Giuseppe
03-16-2009 06:36 AM
Hi'
It's may be a good question but unfortunetly i did not find vrf-aware nhrp in the feature guide.
and i have problem after i set th etunnel protection. Without tunnel protection the nhrp (with VRF) is working well.
By the way the IOS version is
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1).
Regards,
03-16-2009 08:44 AM
Hello Karoly,
I've given a look to some example.
see
What happens if you don't use the VRF on the spoke ?
Hope to help
Giuseppe
03-17-2009 02:15 AM
Hi,
Thanks your comments.
It was CSCsc13355 bug.
After donwgrade all features work well.
Regards
03-17-2009 02:16 AM
Exact bug number is
CSCsx13355
03-17-2009 03:59 AM
Hello Karoly,
thanks for having reported the solution to your issue this makes the thread helpful for others that can have the same problem.
Best Regards
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: