DMVPN Tunnel

beta_admin66 · ‎10-03-2023

Hi,

I want to build a DMVP tunnel connection. One router is the hub, the another router is spoke. An ISP router is between the hub and the spoke router.

I can not ping the tunnel endpoint from the hub to spoke and the spoke to the hub.

The tunnel interface is down on the spoke router.

Here is the configuration of the tunnel connection, the gigabit connection and the routes:

R1-HUB#show run interface tunnel 1
Building configuration...

Current configuration : 292 bytes
!
interface Tunnel1
ip address 10.20.10.1 255.255.255.240
no ip redirects
ip mtu 1380
ip nhrp authentication xxx
ip nhrp network-id 1666
ip nhrp holdtime 10800
ip nhrp redirect
ip tcp adjust-mss 1340
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 1666
!
interface GigabitEthernet0/0
ip address 172.16.11.1 255.255.255.0
duplex auto
speed auto
!
ip route 172.16.31.0 255.255.255.0 172.16.11.2

R2-SPOKE#show run interface tunnel 1
Building configuration...

Current configuration : 291 bytes
!
interface Tunnel1
bandwidth 10000000
ip address 10.20.10.4 255.255.255.240
ip mtu 1380
ip nhrp authentication xxx
ip nhrp map 10.20.10.1 172.16.11.1
ip nhrp nhs 10.20.10.1
ip tcp adjust-mss 1340
keepalive 10 6
tunnel source GigabitEthernet0/1
tunnel destination 172.16.11.1

!
interface GigabitEthernet0/1
ip address 172.16.31.1 255.255.255.0
duplex auto
speed auto
!

ip route 172.16.11.0 255.255.255.0 172.16.31.2

balaji.bandi · ‎10-03-2023

Do you have reachability between device - ping and test it

Follow some troubleshooting tips :

https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html

worth doing debug see what is the issue.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎10-03-2023

It direct connect' so ping use source IP.

That all what you need

David Ruess · ‎10-03-2023

Hello,

There are a few Phases to DMVPN which require slightly different configurations. It looks like you are implementing Phase 3 on the HUB with the ip nhrp redirect command and Phase 1 on the Spoke with the Source/Destination explicitly configured as well as no ip nhrp shortcut command on the Spoke router. You also need to configure the same Network ID AND tunnel key on all devices needing to communicate. However you only need the tunnel key if more than 1 DMVPN domain is using the interface as the same source address. Can you try the config below? I bolded the config changes.

R1-HUB#show run interface tunnel 1
Building configuration...

Current configuration : 292 bytes
!
interface Tunnel1
ip address 10.20.10.1 255.255.255.240
no ip redirects
ip mtu 1380
ip nhrp authentication xxx
ip nhrp network-id 1666
ip nhrp holdtime 10800
ip nhrp redirect
ip tcp adjust-mss 1340
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 1666
!
interface GigabitEthernet0/0
ip address 172.16.11.1 255.255.255.0
duplex auto
speed auto
!
ip route 172.16.31.0 255.255.255.0 172.16.11.2

R2-SPOKE#show run interface tunnel 1
Building configuration...

Current configuration : 291 bytes
!
interface Tunnel1
bandwidth 10000000
ip address 10.20.10.4 255.255.255.240
ip mtu 1380
ip nhrp authentication xxx

ip nhrp network-id 1666
ip nhrp map 10.20.10.1 172.16.11.1
ip nhrp nhs 10.20.10.1
ip tcp adjust-mss 1340
keepalive 10 6
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint

tunnel key 1666

-David