Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
433
Views
0
Helpful
1
Replies

Dual HUB multiple spokes DMVPN IPSEC

bymc
Level 1
Level 1

‎09-18-2015 09:16 AM - edited ‎03-05-2019 02:20 AM

The test setup is two hub routers (Cisco 2921) and three spoke routers (Cisco 2901).

Testing the dual hub and three spoke without IPSEC I can remove one hub from the network and traffic continues to flow. I was able to take one hub off line as long as I left at least one hub online did not matter which hub.
Testing the dual hub and three spoke with IPSEC running I can remove one hub from the network and traffic will continue as long as the hub is not the hub, the spoke to spoke connection used to establish the spoke to spoke connection. When it is the hub used to make the spoke to spoke connection that was taken offline spoke to spoke as well as spoke to hub connectivity stops.
I found other than rebooting all of the routers (Spokes and hubs) the command clear crypto sa on the hub and spoke routers allows router connectivity to re-establish.
How should the router IPSEC be configured to prevent this issue. I was hoping that the spoke connection would fail over to the second hub if the first hub fails.
Byron
 

Labels:
0 Helpful
1 Reply 1

paul driver
VIP
VIP

‎09-18-2015 11:46 AM

Hello

duplicate posting  on same forum

https://supportforums.cisco.com/discussion/12591536/dmvpn-dual-hub-routers

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card