someone please help

Hello,

first of all, there seems to be a simple typo in your hub configuration, try and change that and see what happens; Fiber and fiber do not match, so it has to be either Fiber/Fiber or fiber/fiber (capitalized or non-capitalized):

ip nat inside source route-map Fiber interface GigabitEthernet0/0/0 overload

route-map fiber permit 10
match ip address 103
match interface GigabitEthernet0/0/0

hi paul,

are you saying to add this into the hub, and it should fix the issue?  

Hello

If applicable test it and see if it makes the difference,  In the current acl you have a lot going on and basically all what you want to do is specify the subnets required for translation.

res
Paul

Hello,

I don't wan to be annoying, but your NAT statement refers to a non-existing route map, so nothing will work until you change that...

ip nat inside source route-map Fiber interface GigabitEthernet0/0/0 overload

should be

ip nat inside source route-map fiber interface GigabitEthernet0/0/0 overload

your not being annoying,  thank you for your help ,  ill post again after these changes are made.  thanks again  

Well that worked for the NAT issue and I am able to get to the internet at my hub site, However I am running into another problem with the tunnels coming up. and connecting to the spokes.

I have no Tunnel communication but they all say UP on both sides. This is for my Tunnel 1 config. Tunnel 0 is working when the line is live.

Thanks again for your help.

Hello,

I noticed a slight difference in your crypto configurations. Make sure they are exactly the same on both sides (for the sake of clarity, I have also changed the policy number). Since you are using the same profile for different tunnels, add the 'shared' keyword.

Here are the revised configs (changes in bold):

HUB

crypto isakmp policy 30
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp keepalive 30
!
crypto ipsec profile PremierIpsec
set security-association lifetime seconds 900
set transform-set strong
!
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 1200
ip ospf network broadcast
ip ospf priority 2
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile PremierIpsec shared
!
interface Tunnel1
ip address 10.0.1.1 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 1200
ip ospf network broadcast
ip ospf priority 2
ip ospf 1 area 0
ip ospf cost 5000
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile PremierIpsec shared

SPOKE

crypto isakmp policy 30
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp keepalive 30
!
crypto ipsec profile VanoreIpsec
set security-association lifetime seconds 900
set transform-set strong
!
interface Tunnel0
ip address 10.0.0.10 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp map multicast dynamic
ip nhrp map multicast 70.89.25.225
ip nhrp map 10.0.0.1 70.89.25.225
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.0.0.1
ip ospf network broadcast
ip ospf priority 0
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile VanoreIpsec shared
!
interface Tunnel1
ip address 10.0.1.10 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp map multicast dynamic
ip nhrp map multicast 50.225.187.210
ip nhrp map 10.0.1.1 50.225.187.210
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.0.1.1
ip ospf network broadcast
ip ospf cost 5000
ip ospf priority 0
ip ospf 1 area 0
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile VanoreIpsec shared

someone please help

someone please help

Hello,

my bad, I overlooked that your tunnels on the hub have different sources. What happens  if you just configure 'shared' on the spoke ?

someone please help