Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
29515
Views
5
Helpful
30
Replies

DMVPN Tunnel went to NHRP state After Spoke Router Reboot

sathish.062
Level 1
Level 1

‎09-12-2018 04:32 AM - edited ‎03-05-2019 10:55 AM

Hi Friends,

 

DMVPN Tunnel went to NHRP state After Spoke Router Reboot, Once tunnel interface configuration removed and deployed again issue got resolve. this issue happens when spoke router reboot. Kindly suggest on this. Please find below tunnel configuration of Hub and  Spoke end. 

 

Spoke End:

interface Tunnel1
ip address 172.16.254.20 255.255.255.0
no ip redirects
ip mtu 1400
ip pim nbma-mode
ip pim sparse-dense-mode
no ip next-hop-self eigrp 50
ip nhrp map 172.16.254.1 X.X.X.X
ip nhrp map multicast X.X.X.X
ip nhrp network-id 101
ip nhrp holdtime 300
ip nhrp nhs 172.16.254.1
ip tcp adjust-mss 1360
delay 12
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel protection ipsec profile ODMVPN2

 

Hub End:

 

interface Tunnel1
bandwidth 200000
ip address 172.16.254.1 255.255.255.0
no ip redirects
ip mtu 1400
ip wccp redirect exclude in
no ip next-hop-self eigrp 50
no ip split-horizon eigrp 50
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp map multicast dynamic
ip nhrp network-id 101
ip nhrp holdtime 300
ip tcp adjust-mss 1360
delay 120
tunnel source GigabitEthernet0/3.305
tunnel mode gre multipoint
tunnel protection ipsec profile ODMVPN2
end

 

 Debug Logs Before and After Tunnel Interface 1. 

Debug Before resetting tunnel 1 interface:

Sep 11 10:59:57.043: NHRP: No SNMP node found to add requestID
Sep 11 10:59:57.043: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 172.16.254.1
Sep 11 10:59:57.043: NHRP: Send Registration Request via Tunnel1 vrf global(0x0), packet size: 92
Sep 11 10:59:57.044: NHRP-DETAIL: Unable to get dst from pak sb
Sep 11 10:59:57.044: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: X.X.X.X
Sep 11 10:59:57.044: NHRP: 116 bytes out Tunnel1
Sep 11 10:59:57.044: NHRP: Resetting retransmit due to hold-timer for 172.16.254.1


Debug After resetting tunnel 1 interface:
.Sep 11 12:43:56.610: NHRP: Cache already has a subblock node attached for Tunnel Endpoints (VPN: 172.16.254.1, NBMA: X.X.X.X)
.Sep 11 12:43:56.610: NHRP: No SNMP node found to add requestID
.Sep 11 12:43:56.610: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 172.16.254.1
.Sep 11 12:43:56.610: NHRP: Send Registration Request via Tunnel1 vrf global(0x0), packet size: 92
.Sep 11 12:43:56.611: NHRP-DETAIL: Unable to get dst from pak sb
.Sep 11 12:43:56.611: NHRP-CACHE: Setting 'used' flag on cache entry with nhop: 172.16.254.1
.Sep 11 12:43:56.611: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: X.X.X.X
.Sep 11 12:43:56.611: NHRP: 116 bytes out Tunnel1
.Sep 11 12:43:56.611: NHRP: Resetting retransmit due to hold-timer for 172.16.254.1
.Sep 11 12:43:57.489: NHRP: Setting retrans delay to 2 for nhs dst 172.16.254.1
.Sep 11 12:43:57.489: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 172.16.254.1
.Sep 11 12:43:57.489: NHRP: Send Registration Request via Tunnel1 vrf global(0x0), packet size: 92
.Sep 11 12:43:57.489: src: 172.16.254.20, dst: 172.16.254.1
.Sep 11 12:43:57.489: NHRP-DETAIL: Unable to get dst from pak sb
.Sep 11 12:43:57.489: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: X.X.X.X
.Sep 11 12:43:57.489: NHRP: 116 bytes out Tunnel1
.Sep 11 12:43:57.490: NHRP-RATE: Sending initial Registration Request for 172.16.254.1, reqid 211
.Sep 11 12:43:58.602: NHRP: Setting retrans delay to 2 for nhs dst 172.16.254.1
.Sep 11 12:43:58.602: IPSEC-IFC MGRE/Tu1(75.99.252.194/X.X.X.X): connection lookup returned 7F36C58B4818
.Sep 11 12:43:58.602: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 172.16.254.1
.Sep 11 12:43:58.602: NHRP: Send Registration Request via Tunnel1 vrf global(0x0), packet size: 92
.Sep 11 12:43:58.602: src: 172.16.254.20, dst: 172.16.254.1
.Sep 11 12:43:58.603: NHRP-DETAIL: Unable to get dst from pak sb
.Sep 11 12:43:58.603: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: X.X.X.X
.Sep 11 12:43:58.603: NHRP: 116 bytes out Tunnel1
.Sep 11 12:43:58.603: NHRP-RATE: Retransmitting Registration Request for 172.16.254.1, reqid 211, (retrans ivl 2 sec)
.Sep 11 12:43:58.615: NHRP: Receive Registration Reply via Tunnel1 vrf global(0x0), packet size: 112
.Sep 11 12:43:58.615: NHRP-DETAIL: netid_in = 0, t
o_us = 1
.Sep 11 12:43:58.615: NHRP: NHS 172.16.254.1 Tunnel1 vrf 0 Cluster 0 Priority 0 Transitioned to 'RE' from 'E'
.Sep 11 12:43:58.615: NHRP: NHS-UP: 172.16.254.1

2 people had this problem
0 Helpful
30 Replies 30

noc-germany1
Level 1
Level 1
In response to b_ferguson

‎10-15-2019 05:13 AM

The problem is as follows:
The spoke router reboots and creates another IKE session with the hub.

The hub gets confused and deletes both crypto ike sessions, the old one and the new one.

 

The end result is that show crypto sessions will show as OK on the spoke, but there is no session on the hub!
The way out is to do clear ike sessions on spoke OR use DPD, which will reinstate the ike tunnels properly. 

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card