Re: DMVPN Phase2 spoke to spoke connection fails

bymc · ‎04-27-2021

output:
SHOW ip nhrp
Tunnel 1 created 00:-1:03 expire 00:02:01
Type: incomplete, Flags: negative
Cache hits:2

other than the spoke failed to connect to another spoke what is the next step in resolving the connection issue.

The outside of each spoke router can access the outside of the other spoke router.
this is a problem between these two sites each spoke router has connectivity between 90 other spoke routers on the same DMVPN network.
thanks
blmc

Georg Pauwen · ‎04-27-2021

Hello,

difficult to say what the problem is. Are all 90 spokes configured in the same way ? Is there a difference in hardware/software ?

bymc · ‎04-28-2021

The Spoke routers are Cisco 4300isr, both spokes are running IOS-XE version 15.5(3)S4B. The Hub router is a ASR1001-X running IOS XE version 15.5(3)S10.

BYMC

bymc · ‎04-28-2021

I removed the line " ip nhrp shortcut " from the spoke routers DMVPN configuration. These two sites DMVPN connection is still down.

Router-1 DMVPN IP: 172.16.19.2 and router-2 DMVPN IP: 172.16.19.4

Now on one of the spoke routers in question from router-2 the show IP NHRP output reads:
172.16.19.2 via 172.16.19.2
Tunnel created 00:01:59, expires 00:01:05
Type: dynamic, Flags: used temporary
NBMA address (DMVPN Hub out site IP Address)

Router-1 show ip nhrp , did not have any entry for router-2

Hope this provides some additional insight.
BYMC

MHM Cisco World · ‎04-27-2021

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve99492/?rfs=iqvred

bug

MHM Cisco World · ‎04-28-2021

Do you check bug, i think it is issue here

paul driver · ‎04-29-2021

Hello
Please post the output of the following into a file and attach please.
Hub (NHS) & affected Spoke (NHC)
sh ip protocols
sh run int tun xx ( the NHRP tunnel)
sh ip int brief

Also if you can disable /enable the affected spokes tunnel interface

Spoke
debug nhrp
int tun xx
shut
no shut

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

bymc · ‎04-29-2021

Paul,

I am unable to restart/bounce most of the sites tunnels due to site activity. I found multiple sites with the same issue and was able to bounce two sets of the sites tunnels.

In one case this recovered the site to site connectivity between these two site.

But the second set of sites bouncing the tunnels did not recover the DMVPN connection between these two sites.

I also went through the spoke sites with the connection issue and removed the line "ip nhrp shortcut" from the tunnel configs.

BYMC

paul driver · ‎04-29-2021

Hello

@bymc wrote:

Paul,

I also went through the spoke sites with the connection issue and removed the line "ip nhrp shortcut" from the tunnel configs.

So it sounds like you are using eigrp as the routing protocol, can you post the the run config of the tunnel interfaces from the NHS HUB and at least one of the NHC spoke.

Please post the output of the following into a file and attach please.
Hub (NHS) & affected Spoke (NHC)
sh ip protocols
sh run int tun xx ( the NHRP tunnel)
sh ip int brief

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul