06-28-2018 08:25 PM - edited 03-05-2019 10:41 AM
Dear Team,
I have configured DMVPN between HUB and Spook with spook having Dynamic ip (Nat behind local ADSL Router with dynamic ip). I have used OSPF as routing protocol. My DMVPN is also up, route is advertised in OSPF. I am able to ping lan IP configured in HUB Router (Cisco 2911). All traffic from spook is send to HUB. I have send my default route from HUB to My upstream Firewall (fortigate or Sophos) to access my core services as well for Internet.
Now my main Problem is,
However despite all thing branch is not able to access any services or access internet hosted in or behind HUB firewall.
Your assistance to resolve this issue will be appreciated.
Thanks in advance
07-01-2018 10:41 PM
Hello,
odd. Can you post the configuration of a spoke with a static IP address, that is, a working spoke ?
07-01-2018 11:25 PM
07-01-2018 11:59 PM
07-02-2018 02:03 AM
07-02-2018 12:15 AM
Hello,
your tunnel source (Vlan20) is a private address which is then (I assume) NATted by the ADSL router ?
What if you annouce the 10.x.x.x network in OSPF ?
network 10.0.0.0 0.0.0.255 area 0
07-02-2018 02:56 AM
Hello,
tunnel Source vlan 20 is nat by adsl router. as suggested i advertise 10.0.0.0 0.0.0.255 in ospf at spook router.
07-02-2018 04:59 AM
Hello,
is it possible to put the ADSL router in bridge mode, making your Vlan 20 interface the outside interface receiving a public address ?
07-03-2018 12:42 AM
Hello Georg,
I have used USB internet dongle in this remote branch due to which i am not sure i can able to bridge .
07-02-2018 04:04 PM
07-03-2018 12:46 AM
07-04-2018 06:59 PM
07-04-2018 08:17 PM
Hello Francesco,
i have change the time throttle value as you mentioned to 5 10 60 and also completely removed from both HUB and Spook but still the same. not able to reach Network Behind the hub device.
07-04-2018 08:29 PM
Ok now that's weird.
Can you shutdown the tunnel interface on some router, clear nat from upstream devices (if can't, reload that device or at least wait few minutes and no shut the tunnel interface).
Once everything is up, share following outputs:
- sh dmvpn
- sh ip ospf neigh
- sh ip opsf int tu140
- sh ip route
- sh ip protocols
07-08-2018 08:48 PM
07-08-2018 08:49 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide