06-28-2018 08:25 PM - edited 03-05-2019 10:41 AM
Dear Team,
I have configured DMVPN between HUB and Spook with spook having Dynamic ip (Nat behind local ADSL Router with dynamic ip). I have used OSPF as routing protocol. My DMVPN is also up, route is advertised in OSPF. I am able to ping lan IP configured in HUB Router (Cisco 2911). All traffic from spook is send to HUB. I have send my default route from HUB to My upstream Firewall (fortigate or Sophos) to access my core services as well for Internet.
Now my main Problem is,
However despite all thing branch is not able to access any services or access internet hosted in or behind HUB firewall.
Your assistance to resolve this issue will be appreciated.
Thanks in advance
07-09-2018 02:15 AM - edited 07-09-2018 02:17 AM
What networks are you trying to reach from the spoke?
Do you have routes for these networks on the spoke?
Do you have route on the spoke for 172.28.1.0?
Can you ping from the spoke "ping 172.28.1.1 source 192.168.120.254"
07-09-2018 02:28 AM
Hello Alekseev,
1.I have advertise default route from Spook towards hub and need to reach services/server hosted in my upstream firewall and also need to access internet from Hub only by Spook.
2. Spook is able to ping to all the local interface ip hosted in HUB router but not able to ping or access behind the service of HUB and Hub has also default router towards upstream firewall (172.28.1.2.
3. I am able to ping interface ip (172.28.1.1) that of HUB as well as upstream firewall interface ip(172.28.1.2) from all other branch with static ip but i am not able to ping upstream firewall ip from spook with dynamic ip through DMVPN.
07-09-2018 02:36 AM
07-09-2018 03:03 AM
07-09-2018 03:07 AM
07-09-2018 03:11 AM
There is route from firewall to 192.168.120.0/24 network to. Beside when i performed trace to servers hosted in my upstream firewall, Traffic get stuck in HUB only . Same is goes from firewall while performing trace to 192.168.120.0/24 which get stuck in HUB only. But route is advertise at HUB for spook lan network and able to ping to spook only from HUB local interface ip.
07-09-2018 04:07 AM
07-09-2018 08:45 AM
07-09-2018 09:27 AM
07-09-2018 09:42 AM
07-09-2018 09:56 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide