cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5310
Views
0
Helpful
40
Replies

Issue with DMVPN with Spook having DYNAMIC ip

manzeel
Level 1
Level 1

Dear Team,

I have configured DMVPN between HUB and Spook with spook having Dynamic ip (Nat behind local ADSL Router with dynamic ip). I have used OSPF as routing protocol.  My DMVPN is also up, route is advertised in OSPF. I am able to ping lan IP configured in HUB Router (Cisco 2911). All traffic from spook is send to HUB. I have send my default route from HUB to My upstream Firewall (fortigate or  Sophos) to access my core services as well for Internet.

 

Now my main Problem is,

  1. I am not able to ping or access any services from Spook to the server and services hosted in my upstream firewall (Sophos and Fortigate).
  2. But there is no any issue with Other Spook having fixed public ip or Intranet ip.
  3. I have done trace from branch for server/services hosted in Firewall for which traffic get stuck in my HUB tunnel. Same is for trace report from firewall while performing trace.
  4. In firewall I can see request coming from spook and response is getting back moreover there is packet number both for incap & decap get increased too in spook.

 

However despite all thing branch is not able to access any services or access internet hosted in or behind HUB firewall.

 

Your assistance to resolve this issue will be appreciated.

 

Thanks in advance

 

40 Replies 40

Francesco Molino
VIP Alumni
VIP Alumni

Hi

 

As soon as you have your Nat and dmvpn is fully up (nhrp, crypto and dynamic routing is up) you shouldn't have any issue. The difference between fix wan and dynamic wan ip is just for building up the tunnel but after there's nothing different.

 

Do you have all route advertised and received for this spoke on the spoke side and hub side?

Can you share some outputs like:

- sh dmvpn

- sh ip ospf neig

- sh ip route

- traceroute

 

Please give outputs for spoke and hub and attach them to a text file you'll upload on this post


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question