Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1460
Views
0
Helpful
7
Replies

DMVPN Spoke Connectivity

Th3cart3r
Level 1
Level 1

‎11-10-2017 06:44 AM - edited ‎03-05-2019 09:27 AM

I have two spoke sites that cannot ping each other.  They are able to ping the rest of my spoke sites but just not each other.  The hub and spoke sites can all reach both of the spokes in question but for some reason they cannot get to each other.  One spoke is a Cisco 4221 and the other is a Cisco 881.  The hub is a Cisco 2951.  I have the tunnel config from the spokes and the hub below, any help would be appreciated.

 

Spoke#1

interface Tunnel0
bandwidth 1100
ip address Spoke IP
no ip redirects
ip mtu 1400
ip hello-interval eigrp 1 10
ip hold-time eigrp 1 30
ip nhrp authentication XXXXX
ip nhrp map multicast dynamic
ip nhrp map HUB 2 IP HUB 2 WAN IP
ip nhrp map multicast HUB 2 WAN IP
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs HUB 2 IP
ip tcp adjust-mss 1360
delay 900
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DBMVPN shared
!
interface Tunnel1
bandwidth 1000
ip address Spoke IP
no ip redirects
ip mtu 1400
ip hello-interval eigrp 1 10
ip hold-time eigrp 1 30
ip nhrp authentication XXXXXX
ip nhrp map multicast dynamic
ip nhrp map HUB IP  HUB WAN INTERFACE IP
ip nhrp map multicast HUB WAN INTERFACE IP
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs HUB IP
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile DBMVPN shared

Spoke #2

interface Tunnel0
bandwidth 1100
ip address Spoke2 IP 
no ip redirects
ip mtu 1400
ip hello-interval eigrp 1 10
ip hold-time eigrp 1 30
ip nhrp authentication Here2DBM
ip nhrp map HUB 2 IP HUB 2 WAN INTERFACE IP
ip nhrp map multicast HUB 2 WAN INTERFACE IP
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs HUB 2 IP
ip tcp adjust-mss 1360
delay 900
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DBMVPN shared
end


interface Tunnel1
bandwidth 1000
ip address Spoke2 IP 
no ip redirects
ip mtu 1400
ip hello-interval eigrp 1 10
ip hold-time eigrp 1 30
ip nhrp authentication XXXXX
ip nhrp map HUB IP HUB WAN INTERFACE IP
ip nhrp map multicast HUB WAN INTERFACE IP
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs HUB IP
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile DBMVPN shared

HUB #1

interface Tunnel0
bandwidth 100000
ip address HUB1 IP
no ip redirects
ip mtu 1400
no ip split-horizon eigrp 1
ip nhrp authentication XXXXX
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp redirect
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile LHHVPN3

HUB #2

interface Tunnel0
bandwidth 100000
ip address HUB2 IP
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp authentication XXXXX
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 300
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DBMVPN

Labels:
0 Helpful
7 Replies 7

Flavio Miranda
VIP
VIP

‎11-10-2017 09:43 AM

Hi @Th3cart3r

Could share routing table for both spokes and hubs?

 

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

paul driver
VIP
VIP

‎11-10-2017 12:19 PM - edited ‎11-10-2017 12:21 PM

Hello

Looks like our using phase 3 DMVPN

 

On your
HUBs (NHS) tunnels
ip nhrp redirect
ip next-hop-self eigrp xx
no ip split-horizon eigrp xx

 

Spokes (NHC) tunnels
ip nhrp nhs x.x.x.x
ip nhrp shortcut

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Georg Pauwen
VIP
VIP

‎11-11-2017 08:49 AM

Hello,

 

in addition to the other posts, I think you also need the EIGRP summary address on both HUB tunnel interfaces:

 

ip summary-address eigrp 1 0.0.0.0 0.0.0.0

0 Helpful

Junaid Shah
Level 1
Level 1
In response to Georg Pauwen

‎11-11-2017 01:22 PM

Share the output of " Show DMVPN" from both spoke routers and do you see their status as UP after running that command.

 

You can try clear dmvpn session peer <Ip address> and see if that helps. Thanks

0 Helpful

Th3cart3r
Level 1
Level 1
In response to Junaid Shah

‎11-17-2017 12:57 PM

Here are the states for each of the spokes.  Both showing "No State."

 

Spoke 1 (Shanghai):

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

66.192.226.165  112.64.163.13   MM_NO_STATE          0 ACTIVE

209.208.34.220  112.64.163.13   QM_IDLE           1174 ACTIVE

209.208.34.219  112.64.163.13   QM_IDLE           1158 ACTIVE

43.224.234.241  112.64.163.13   MM_NO_STATE          0 ACTIVE

43.224.234.241  112.64.163.13   MM_NO_STATE          0 ACTIVE (deleted)

119.75.200.188  112.64.163.13   QM_IDLE           1183 ACTIVE

37.130.252.164  112.64.163.13   MM_NO_STATE          0 ACTIVE

 

Spoke 2 (Hong Kong):

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id slot status

209.208.34.220  43.224.234.241  QM_IDLE           2666    0 ACTIVE

43.224.234.241  66.192.226.165  QM_IDLE           2692    0 ACTIVE

209.208.34.219  43.224.234.241  QM_IDLE           2632    0 ACTIVE

66.192.226.165  43.224.234.241  QM_IDLE           2693    0 ACTIVE

43.224.234.241  119.75.200.188  QM_IDLE           2685    0 ACTIVE

43.224.234.241  112.64.163.13   MM_SA_SETUP          0    0 ACTIVE

43.224.234.241  112.64.163.13   MM_NO_STATE          0    0 ACTIVE (deleted)

0 Helpful

Georg Pauwen
VIP
VIP
In response to Th3cart3r

‎11-17-2017 01:29 PM

Hello,

 

is this the state after adding the commands suggested in this thread ?

0 Helpful

Th3cart3r
Level 1
Level 1
In response to Georg Pauwen

‎11-21-2017 05:42 AM

Yes, if I clear them on both spokes nothing changes.  What's odd is the UpDn time doesn't change on either of them.

 

SPOKE#1

Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:4,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 209.208.34.220 192.168.22.1 UP 00:10:23 S
1 37.130.252.164 192.168.22.26 UP 5d17h DNX
1 43.224.234.241 192.168.22.161 UP 6d11h DX
1 119.75.200.188 192.168.22.162 UP 00:00:48 D

 

SPOKE#2

Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
2 209.208.34.220 192.168.22.1 UP 3w0d S
0 0.0.0.0 192.168.22.165 NHRP never IX
1 119.75.200.188 192.168.22.162 UP 12:25:30 D
1 66.192.226.165 192.168.22.250 UP 00:04:42 D

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card