cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

284
Views
0
Helpful
1
Replies
Highlighted
Beginner

Dual HUB multiple spokes DMVPN IPSEC

The test setup is two hub routers (Cisco 2921) and three spoke routers (Cisco 2901).

Testing the dual hub and three spoke without IPSEC I can remove one hub from the network and traffic continues to flow. I was able to take one hub off line as long as I left at least one hub online did not matter which hub.
Testing the dual hub and three spoke with IPSEC running I can remove one hub from the network and traffic will continue as long as the hub is not the hub, the spoke to spoke connection used to establish the spoke to spoke connection. When it is the hub used to make the spoke to spoke connection that was taken offline spoke to spoke as well as spoke to hub connectivity stops.
I found other than rebooting all of the routers (Spokes and hubs) the command clear crypto sa on the hub and spoke routers allows router connectivity to re-establish.
How should the router IPSEC be configured to prevent this issue. I was hoping that the spoke connection would fail over to the second hub if the first hub fails.
Byron
 

1 REPLY 1
VIP Advisor

Helloduplicate posting with

Hello

duplicate posting  on same forum

https://supportforums.cisco.com/discussion/12591536/dmvpn-dual-hub-routers

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here