01-28-2022 08:58 AM - last edited on 01-29-2022 02:13 AM by Translator
Hello experts!
i am doing DMVPN but the problem here is : NPJ-router is not getting the route for SERVER-AREA-DR loopback.
hence HO-router is getting both route for LAN network from NPJ & SERVER-AREA-DR loopback.
can say, NPJ & SERVER-AREA-DR are not getting each other LAN network route.
NOTE: topology is attached below
CONFIGURATION
HO
!
hostname HO
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
lifetime 2500
crypto isakmp key DMVPN address 0.0.0.0
!
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode tunnel
!
crypto ipsec profile DMVPN-PROF
set security-association lifetime seconds 2500
set transform-set DMVPN
!
!
!
!
!
!
!
interface Tunnel1
ip address 50.50.50.1 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
tunnel protection ipsec profile DMVPN-PROF
!
interface FastEthernet0/0
description ***WAN-SIDE***
ip address 172.16.10.1 255.255.255.248
speed auto
duplex auto
!
interface FastEthernet0/1
description ***LAN-SIDE***
ip address 192.168.10.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
!
router eigrp 100
network 50.50.50.0 0.0.0.7
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
NPJ
hostname NPJ
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
lifetime 2500
crypto isakmp key DMVPN address 172.16.10.1
crypto isakmp key DMVPN address 172.16.10.3
!
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode tunnel
!
crypto ipsec profile DMVPN-PROF
set security-association lifetime seconds 2500
set transform-set DMVPN
!
!
!
!
!
!
!
interface Tunnel1
ip address 50.50.50.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast 172.16.10.1
ip nhrp map 50.50.50.1 172.16.10.1
ip nhrp network-id 1
ip nhrp nhs 50.50.50.1
ip nhrp shortcut
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
tunnel protection ipsec profile DMVPN-PROF
!
interface FastEthernet0/0
description ***WAN-SIDE***
ip address 172.16.10.2 255.255.255.248
speed auto
duplex auto
!
interface FastEthernet0/1
description ***LAN-SIDE***
ip address 192.168.20.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
!
router eigrp 100
network 50.50.50.0 0.0.0.7
network 192.168.20.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
SERVER-AREA-DR
hostname SERVER-AREA-DR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
lifetime 2500
crypto isakmp key DMVPN address 172.16.10.1
crypto isakmp key DMVPN address 172.16.10.2
!
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode tunnel
!
crypto ipsec profile DMVPN-PROF
set security-association lifetime seconds 2500
set transform-set DMVPN
!
!
!
!
!
!
!
interface Loopback1
description ***lets-say LAN***
ip address 192.168.100.100 255.255.255.255
!
interface Tunnel1
ip address 50.50.50.3 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast 172.16.10.1
ip nhrp map 50.50.50.1 172.16.10.1
ip nhrp network-id 1
ip nhrp nhs 50.50.50.1
ip nhrp shortcut
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
tunnel protection ipsec profile DMVPN-PROF
!
interface FastEthernet0/0
ip address 172.16.10.3 255.255.255.248
speed auto
duplex auto
!
interface FastEthernet0/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
!
router eigrp 100
network 50.50.50.0 0.0.0.7
network 192.168.100.100 0.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
Solved! Go to Solution.
01-28-2022 09:06 AM - last edited on 01-29-2022 02:35 AM by Translator
No ip next-hop-self eigrp x
No ip split horizon eigrp x
This need in hub only
01-28-2022 09:06 AM - last edited on 01-29-2022 02:35 AM by Translator
No ip next-hop-self eigrp x
No ip split horizon eigrp x
This need in hub only
01-28-2022 09:17 AM
Thank you so much sir, it worked.
Will you please clearify me the uses of this two command, why we use it? what happens if not used??
01-28-2022 09:19 AM
01-28-2022 09:20 AM
01-28-2022 09:32 AM
check this may help you : EIGRP split horizon
https://packetlife.net/blog/2008/nov/03/disabling-split-horizon/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide