Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
3
Replies

DMVPN peers problem

sanjar200994
Level 1
Level 1

‎04-11-2024 04:05 AM

Hello everyone, I created two vrf on my spoke router to switch main and backup ISP, everything works fine, but I have 2 dmvpn peers instead 1. 

sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 x.x.x.3 10.1.1.2 UP 00:06:15 S    (this is right peer)
1 y.y.y.y 10.1.1.35 UP 00:05:32 DX (wrong)

Interface: Tunnel1, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 x.x.x.4 10.1.2.2 UP 00:11:38 S (this is right peer)
1 a.a.a.a 10.1.2.35 UP 00:11:36 DX (wrong)

interface Tunnel0
ip address 10.1.1.62 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication <key>
ip nhrp map 10.1.1.2 x.x.x.3
ip nhrp map multicast x.x.x.3
ip nhrp network-id <id>
ip nhrp nhs 10.1.1.2
ip nhrp registration no-unique
ip nhrp shortcut
ip nhrp redirect
load-interval 30
delay 10
if-state nhrp
tunnel source Vlan5 (for ISP 1)
tunnel mode gre multipoint
tunnel key <key>
tunnel vrf INET1
tunnel protection ipsec profile profile-DMVPN

 

interface Tunnel1
ip address 10.1.2.62 255.255.255.0
no ip redirects
ip nhrp authentication <key>
ip nhrp map 10.1.2.2 x.x.x.4
ip nhrp map multicast x.x.x..4
ip nhrp network-id 21
ip nhrp nhs 10.1.2.2
ip nhrp registration no-unique
load-interval 30
delay 5000
tunnel source Dialer0 (ISP 2)
tunnel mode gre multipoint
tunnel key <key>
tunnel vrf INET2
tunnel protection ipsec profile profile-DMVPN

 

My Tunnels looking for 10.1.1.2 and 10.1.2.2

but why I have also peer to 10.1.1.35?? 

 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎04-11-2024 04:15 AM

This DMVPN ip 10.1.1.35 is for other spokes not for hub' you can check the flag 

DX meaning dyanmic no socket' no socket indicates that there is no traffic pass

Form what I see there is no problem.

MHM

0 Helpful

sanjar200994
Level 1
Level 1
In response to MHM Cisco World

‎04-11-2024 04:19 AM

yes 10.1.1.35 it is other spoke, but why my router try to connect with 10.1.1.35??

on 10.1.1.35 I have errors in log

Apr 11 16:40:55.838: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00013473633284447830 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 7, src_addr x.x.x.x, dest_addr y.y.y.y, SPI 0xf016066

0 Helpful

MHM Cisco World
VIP
VIP
In response to sanjar200994

‎04-11-2024 04:38 AM

Why spoke connect to other sure there is traffic need to forward to other spoke

And for error check this link

https://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/116858-problem-replay-00.html

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card