DMVPN Spoke not connecting when using Starlink

Wizard4777
Level 1
Wizard4777_0-1713062782888.png

I have set up as above. I am using Starlink at one of my spokes. I am not able to get it to pass VPN traffic even though show dmvpn shows that the VPN is up.

1 Accepted Solution

Wizard4777
Level 1

I have resolved this issue by just removing the tunnel interface and pasting the same config back recreating the tunnel interface.

Show dmvpn detail 

In spoke you have issue with 

MHM

On the hub, I can see that the tunnel is up but I am unable to ping the Spoke tunnel IP: 172.29.255.201

Wizard4777_0-1713097381182.png

I have a single hub and multiple spokes, but with this spoke I want to use two ISPs, and one is Starlink. I created two tunnels on the spoke and used shared tunnel protection: one tunnel for the other ISP and one tunnel for Starlink, both to be connected to the single-tunnel DMVPN hub.

Hello,

Post the running configs of your hub and spoke routers...

Only one router is affected when the connection is pushed through Starlink. When pushed through the other ISP, there are no issues. So config is definitely not the issue.

Hello,

Post the spoke config anyway; as we do not know what you have configured (Phase 1/2/3, which underlying routing, etc.), we may spot something. Starlink uses TCP spoofing optimization; if you use the default policy, you are also dealing with CGNAT. Are you using a 100.64.0.0/10 IP address (which means you are using the default policy)?

The flags are DN, meaning dynamic NAT.

And the claimed IP appears; this is a good indication that the hub detects that the spoke is behind NAT.

The last step is that you need to use

IPsec transform AH, not ESP.

Also, you need to use transport mode, not tunnel mode.

MHM

Does that mean I change the hub also to AH, using transport mode?

On the spoke, add AH and transport.

On the hub, add AH only as a second IPsec transform.

This makes the hub work with spokes that use ESP and spokes that use AH with transport.

MHM

Can you provide me a sample config for this? I don't seem to get what you mean.

Hub config 

Crypto ipsec trans spoke1 esp- 

Mode tunnel 

!

Crypto ipsec trans AH- 

Mode transport 

In Spoke1 (behind NAT)

Crypto ipsec trans AH- 

Mode transport 

In Spoke2 (not behind NAT)

Crypto ipsec trans ESP-

Mode tunnel 

MHM

Thank you. I will keep this for future reference

Wizard4777
Level 1

I have resolved this issue by just removing the tunnel interface and pasting the same config back recreating the tunnel interface.

without AH and transport ??

MHM
