I really wish you could help me with the problem that I have.
I am using this design from DMVPN.
I have a Hub behind a firewall using static NAT. I have 2 ISP links, one active for DMVPN 1 and one passive (backup) for DMVPN 2. If primary ISP fails, using IP SLA the Hub and the firewall will change to the secondary ISP and form the tunnels for DMVPN 2.
Thank you very much! This resolved the problem with the Spoke to Spoke tunnels.
I see another issue with some Spokes that use NAT. Those sites don't complete the spoke to spoke tunnels. I think this is because they are using NAT PAT instead of static NAT.
At first glance, it looks like you forgot to disable split horizon and next hop self on the spokes. Try to add the lines marked in bold to your spokes:
ip address 10.0.0.2 255.255.255.0
no ip redirects
ip mtu 1400
ip hello-interval eigrp 40 10
ip hold-time eigrp 40 60
no ip next-hop-self eigrp 40
no ip split-horizon eigrp 40
ip nhrp authentication Example
ip nhrp map multicast x.x.x.x (Hub NBMA address DMVPN1)
ip nhrp map 10.0.0.1 x.x.x.x (Hub NBMA address DMVPN1)
ip nhrp network-id 10
ip nhrp nhs 10.0.0.1
ip nhrp registration timeout 10
ip tcp adjust-mss 1360
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 10
tunnel protection ipsec profile Remote50 shared
Thank you for your Help!
The solution to my problem was to add the pre-shared key on every Spoke to allow the creation of Spoke to Spoke tunnels.
crypto isakmp key Example123 address 0.0.0.0 no-xauth
The commands "no ip next-hop-self eigrp 40" and "no ip split-horizon eigrp 40" are only necessary in the HUB.
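An added example, not part of the thread or of any poster's configuration: a Python check for the failure fixed in the post above, listing the peer NBMA addresses for which a spoke config holds no ISAKMP pre-shared key. The addresses and sample configs are constructed, and the check assumes a key entry without a mask covers a single host, except 0.0.0.0, which covers any peer.

```python
import ipaddress
import re

# Matches: crypto isakmp key [0|6] <key> address <ip> [<mask>] [no-xauth]
KEY_RE = re.compile(
    r"^\s*crypto isakmp key (?:[06] )?\S+ address (\d+\.\d+\.\d+\.\d+)"
    r"(?: (\d+\.\d+\.\d+\.\d+))?(?: no-xauth)?\s*$", re.M)

def psk_scopes(config):
    """Return the peer networks this config holds an ISAKMP pre-shared key for."""
    scopes = []
    for addr, mask in KEY_RE.findall(config):
        if not mask:
            # Assumption: no mask means one host, except 0.0.0.0 = any peer.
            mask = "0.0.0.0" if addr == "0.0.0.0" else "255.255.255.255"
        scopes.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return scopes

def peers_without_key(config, peers):
    """List peer NBMA addresses that no key entry covers (IKE would fail)."""
    scopes = psk_scopes(config)
    return [p for p in peers
            if not any(ipaddress.ip_address(p) in s for s in scopes)]

# Constructed sample data (documentation address ranges, not from the thread).
HUB, SPOKE_B, SPOKE_C = "192.0.2.1", "198.51.100.10", "203.0.113.20"
PEERS = [HUB, SPOKE_B, SPOKE_C]

# Spoke that only has a key for the hub: spoke-to-spoke IKE has no key to use.
SPOKE_BEFORE = """
crypto isakmp key Example123 address 192.0.2.1
"""
# Same spoke with the wildcard entry from the solution added.
SPOKE_AFTER = SPOKE_BEFORE + """
crypto isakmp key Example123 address 0.0.0.0 no-xauth
"""

if __name__ == "__main__":
    for name, cfg in (("before", SPOKE_BEFORE), ("after", SPOKE_AFTER)):
        print(name, "peers with no key:", peers_without_key(cfg, PEERS))
```

A wildcard entry satisfies the check for every peer, which also means any device holding that key can authenticate; where spoke addresses are static, per-peer entries pass the same check.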