cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1905
Views
0
Helpful
8
Replies

EIGRP Routes advertisement on backup Tunnel || DMVPN technology

Saad Raza Khan
Level 1
Level 1

Dear All,

I am using 3945E router on Bank Head office for the aggregation of WAN Branch Cloud where i Configure tunnel 110 for Primary ISP Link and Tunnel 150 for Secondry ISP.

Now the Branches which are on Primary ISP creating the DMVPN tunnel 110 with Head office and Eigrp running with no issues.

same with the branches running on Secondry ISP creating the DMVPN tunnel 150 with Head office are running Eigrp with no issue.

issue come with the branches where Primary and Secondry tunnel are configured, both the Tunnel 110 and tunnel 150 are up and IPsec is also up and but eigrp routes are coming from the primary tunnel 110 and not from secondry tunnel150 on Show ip eigrp topology command. also when the primary tunnel is down the secondry tunnel 150 is not getting the Head office Eigrp routes at branche end routers.

please check the configuration.

Head Office End DMVPN Config:

interface tunnel110

ip address 172.16.10.1 255.255.255.0

no ip redirect

ip nhrp map multicast dynamic

ip nhrp map multicast 192.168.48.2

ip nhrp network -id 12345

ip nhrp nhs 172.16.10.1

tunnel source 192.168.48.2

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile cybernet_branches

Branch End

interface tunnel110

ip address 172.16.0.2 255.255.255.0

ip nhrp map 172.16.10.1 192.168.48.2

ip nhrp network-id 12345

ip nhrp holdtime 600

ip nhrp nhs 172.16.10.1

tunnel source 192.168.1.174

tunnel destination 192.168.48.2

tunnel key 1

tunnel protection ipsec profile cybernet_branches

Head office

TUNNEL 150

interface tunnel150

ip address 172.16.10.1 255.255.255.0

no ip redirect

ip nhrp map multicast dynamic

ip nhrp map multicast 192.168.101.254

ip nhrp network -id 123456

ip nhrp nhs 172.16.10.1

tunnel source 192.168.101.254

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile mobilink_branches

Branch End

interface tunnel150

ip address 172.16.10.2 255.255.255.0

ip nhrp map 172.16.10.1 192.168.101.254

ip nhrp map multicast 192.168.101.254

ip nhrp network-id 123456

ip nhrp holdtime 600

ip nhrp nhs 172.16.10.1

tunnel source 192.168.100.26

tunnel destination 192.168.101.254

tunnel key 1

tunnel protection ipsec profile mobilink_branches

the result is no eigrp routes on branch router via tunnel 150 by applying show ip eigrp topology command.

Regards

Saad

8 Replies 8

Richard Burts
Hall of Fame
Hall of Fame

Saad

Am I correct in understanding that you have a single router at the Head Office, using 2 ISP for Internet connection. And also in understanding that your primary tunnel and secondary tunnel are sourced from the same router address and going to the same address at the branch router? I know that with point to point IPSec tunnels it does not work to try to have 2 tunnels from the same source router to the same branch router. I wonder if the same restriction applies to DMVPN tunnels.

HTH

Rick

HTH

Rick

edondurguti
Level 4
Level 4

Your EIGRP neighbours form? if not then you have a routing problem [ie static routes are still in place]

Provide a diagram and static routes if you have.

Dear All,

thanks for you reply, please find below your answers.

1. Eigrp neighbourship is up with both the tunnels.

2. Yes, i have 2 routers in head office which are connected with each other via layer 3 port channel.

3. Headoffice Router 1 is configured with tunnel110.

4. Headoffice Router 2 is configured with tunnel 150.

5. Both core routers getting routes of each other via port channel.

6. the Branches having dual ISP service getting up  both the tunnel but when tunnel110 is down then tunnel150 is not showing the eigrp routes and neither showing routes in show ip eigrp topology via tunnel150.

saad

Hi,

What do show these commands?

sh crypto session

sh crypto isakmp sa

sh ip nhrp nhs details

And this debug might help:

debug eigpp packet

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

Hi,

I think Richard is right about using two tunnel interfaces for redundancy for branches. because you're using same NHS on clients for registration on NHRP database. And when Tu110 is down branch routers cannot be registered on database.

http://blog.ine.com/2008/08/02/dmvpn-explained/

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

Changed as per your guide.

Head office

TUNNEL 150

interface tunnel150

ip address 172.17.10.1 255.255.255.0

no ip redirect

ip nhrp map multicast dynamic

ip nhrp map multicast 192.168.101.254

ip nhrp network -id 123456

ip nhrp nhs 172.17.10.1

tunnel source 192.168.101.254

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile mobilink_branches

Branch End

interface tunnel150

ip address 172.17.10.2 255.255.255.0

ip nhrp map 172.17.10.1 192.168.101.254

ip nhrp map multicast 192.168.101.254

ip nhrp network-id 123456

ip nhrp holdtime 600

ip nhrp nhs 172.17.10.1

tunnel source 192.168.100.26

tunnel destination 192.168.101.254

tunnel key 1

tunnel protection ipsec profile mobilink_branches

but again the results is same.,backup tunnel is up and crypto tunnel is established but routes in branch router from tunnel150 is not there by show ip eigrp topology.

saad

Ok, I see. So as I understood you correctly you want to make Branch router on secondary ISP see routes that are being advertised Branch router on Primary ISP?

If that the case then try to do this on hub router at Head:

interface tunnel 150

no ip nex-hop-self eigrp

The same command on Tun110 interface.

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

Hello ,

DMVPN tunnel up with both the service providers.

but the Eigrp neighbourship from branch to head office are showing these results..tunnel110 is getting eigrp routes without any issue and eigrp routes from tunnel150 is showing abnormal behaviour.

Tunnel110 is map with ISP A

Tunnel150 is map with ISP B

JavedNehari-160-2#sh ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(100)

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

3   172.17.10.1             Tu150             34 00:00:01  108   972  1  148247

2   172.16.10.1             Tu110             32 00:00:21    1   200  0  565075

Review Cisco Networking for a $25 gift card