02-21-2019 09:48 AM - edited 02-21-2019 09:56 AM
I set up 5 routers. One hub server,three spokes and a middle router (emulating the cloud).
Here are my configs:
R1 (Hub) 37251
interface Tunnel0
ip address 192.168.0.1 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 12345
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345
router ospf 1
log-adjacency-changes
network 200.10.0.0 0.0.0.255 area 0
end
interface FastEthernet0/0
ip address 200.10.0.1 255.255.255.0
duplex auto
speed auto
end
R2 (Spoke1) name 27252
interface Tunnel0
ip address 192.168.0.2 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast 200.10.0.1
ip nhrp map 192.168.0.1 200.10.0.1
ip nhrp network-id 12345
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 12345
end
interface FastEthernet1/0
ip address 25.0.0.2 255.0.0.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 25.0.0.0 0.255.255.255 area 0
!
R3 37253
interface Tunnel0
ip address 192.168.0.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast 200.10.0.1
ip nhrp map 192.168.0.1 200.10.0.1
ip nhrp network-id 12345
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 12345
!
interface FastEthernet1/0
ip address 35.0.0.3 255.0.0.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 35.0.0.0 0.255.255.255 area 0
R4 37255
interface Tunnel0
ip address 192.168.0.4 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication cisco123
ip nhrp map multicast 200.10.0.1
ip nhrp map 192.168.0.1 200.10.0.1
ip nhrp network-id 12345
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345
interface FastEthernet0/0
ip address 45.0.0.4 255.0.0.0
speed 100
full-duplex
router ospf 1
log-adjacency-changes
network 45.0.0.0 0.255.255.255 area 0
R5 (Middle internet router)
interface FastEthernet0/0
ip address 45.0.0.5 255.0.0.0
ip ospf 1 area 0
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 200.10.0.5 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 25.0.0.5 255.0.0.0
ip ospf 1 area 0
speed auto
full-duplex
!
interface FastEthernet2/0
ip address 35.0.0.5 255.0.0.0
ip ospf 1 area 0
duplex auto
speed auto
!
When I do a show ip nhrp command on the Hub router I get no output
#Show Ip nhrp
I also got this constant flapping:
*Mar 1 02:40:51.171: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /200.10.0.1, src_addr= 45.0.0.4, prot= 47
Any helpful tips would be great. thanks
Solved! Go to Solution.
02-22-2019 01:04 AM - edited 02-22-2019 01:26 AM
Hi,
I didn't find the overlay routing configuration in your network configuration.
Let start with EIGRP configuration (You may go with Static/OSPF/BGP):
HUB:
router eigrp 1
router-id 1.1.1.1
no auto-summery
network 192.168.0.0
network <LAN Subnet>
interface Tunnel0
no ip split-horizon eigrp 1
Spoke:
router eigrp 1
router-id 2.2.2.2
no auto-summery
network 192.168.0.0
network <LAN Subnet>
and try again.
Regards,
Deepak Kumar
02-22-2019 10:33 AM
Deepak is absolutely right. Add the subnet of the tunnels to all your OSPF processes.
router ospf 1
network 192.168.0.0 0.0.0.255 area 0
I labbed your setup in GNS3, it works fine (except for the missing subnet in OSPF)...
02-22-2019 01:04 AM - edited 02-22-2019 01:26 AM
Hi,
I didn't find the overlay routing configuration in your network configuration.
Let start with EIGRP configuration (You may go with Static/OSPF/BGP):
HUB:
router eigrp 1
router-id 1.1.1.1
no auto-summery
network 192.168.0.0
network <LAN Subnet>
interface Tunnel0
no ip split-horizon eigrp 1
Spoke:
router eigrp 1
router-id 2.2.2.2
no auto-summery
network 192.168.0.0
network <LAN Subnet>
and try again.
Regards,
Deepak Kumar
02-22-2019 07:52 AM
I have OSPF configured in my setup. Will that not work?
02-22-2019 07:56 AM
Hi,
As you shared configuration, The OSPF is enabled on the WAN interface, not for the DMVPN.
outer ospf 1 log-adjacency-changes network 45.0.0.0 0.255.255.255 area 0
Regards,
Deepak Kumar
02-22-2019 10:33 AM
Deepak is absolutely right. Add the subnet of the tunnels to all your OSPF processes.
router ospf 1
network 192.168.0.0 0.0.0.255 area 0
I labbed your setup in GNS3, it works fine (except for the missing subnet in OSPF)...
02-22-2019 03:05 PM
Thank you both for your responses. One last question.
What is the difference between a GRE tunnel and an IPSec tunnel?
02-22-2019 03:06 PM
Thank you for your response. What is the difference between a GRE and an IPSec tunnel?
02-22-2019 03:29 PM
Hello,
a GRE tunnel is basically what you have. It means the data is encapsulated, not encrypted.
An IPSec/GRE tunnel is a tunnel that is encrypted. Have a look at the link below to see the difference between what you have, and what an encrypted tunnel config would look like...
https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629.html
02-22-2019 11:14 PM
Hi,
There are basic technical differences are
GRE: the GRE tunnel data is encapsulated, not encrypted. once it will add one more IP header on the packet so the packet can route over the public internet but it is an open packet and anyone can read the packet including your data.
GRE is adding some more benefits as it is allowing Multicast traffic over and so Administrator can use Dynamic routing, Multicast etc over the GRE tunnel. You can apply IPSec over the GRE tunnel for encrypting the traffic.
IPSec: IPSec is for Encryption, integrity, and authentication. It is allowing only Unicast/anycast traffic.
Regards,
Deepak Kumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide