cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5316
Views
0
Helpful
40
Replies

Issue with DMVPN with Spook having DYNAMIC ip

manzeel
Level 1
Level 1

Dear Team,

I have configured DMVPN between HUB and Spook with spook having Dynamic ip (Nat behind local ADSL Router with dynamic ip). I have used OSPF as routing protocol.  My DMVPN is also up, route is advertised in OSPF. I am able to ping lan IP configured in HUB Router (Cisco 2911). All traffic from spook is send to HUB. I have send my default route from HUB to My upstream Firewall (fortigate or  Sophos) to access my core services as well for Internet.

 

Now my main Problem is,

  1. I am not able to ping or access any services from Spook to the server and services hosted in my upstream firewall (Sophos and Fortigate).
  2. But there is no any issue with Other Spook having fixed public ip or Intranet ip.
  3. I have done trace from branch for server/services hosted in Firewall for which traffic get stuck in my HUB tunnel. Same is for trace report from firewall while performing trace.
  4. In firewall I can see request coming from spook and response is getting back moreover there is packet number both for incap & decap get increased too in spook.

 

However despite all thing branch is not able to access any services or access internet hosted in or behind HUB firewall.

 

Your assistance to resolve this issue will be appreciated.

 

Thanks in advance

 

40 Replies 40

What networks are you trying to reach from the spoke?
Do you have routes for these networks on the spoke?
Do you have route on the spoke for 172.28.1.0?
Can you ping from the spoke "ping 172.28.1.1 source 192.168.120.254"