Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
19
Replies

mGRE tunnel giving odd error on 1 router, working on another

Go to solution
SteveG18
Level 1
Level 1

‎05-29-2024 03:00 PM

I have 2 cisco routers that should be using GRE back to 1 other device.  When I check the status of the interfaces I can see that on one, the status is up/up.  On the trouble one, its showing the status as 'reset'.  I'm not sure what that's referring to.  The configs should be pretty much the same on each device, except for some IP changes for the tunnel.

What is happening???  I've been searching for info for a while now, without much luck...  I've attached configs and info below.  The router with the issue is the TTCE router, the working one is below that.

TTCE:
interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.2 255.255.240.0
no ip redirects
ip mtu 1300
ip nhrp authentication 1234
ip nhrp network-id 1
ip nhrp nhs 10.22.32.2
ip nhrp redirect
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile IPSEC_PROFILE
end

 

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 65.132.237.229 YES DHCP up up
GigabitEthernet0/0/1 unassigned YES NVRAM up up
Gi0/0/1.25 10.100.100.11 YES NVRAM up up
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset up up
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES NVRAM down down
Loopback0 10.118.0.7 YES NVRAM up up
Loopback1 170.195.127.16 YES NVRAM up up
Loopback2 10.118.0.193 YES NVRAM up up
Loopback3 10.128.0.10 YES NVRAM up up
Tunnel100 10.22.32.2 YES manual reset down
Vlan1 unassigned YES unset up down
Vlan30 12.0.0.4 YES NVRAM up up


TTC:
interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.1 255.255.240.0
no ip redirects
ip mtu 1300
ip nhrp network-id 1
ip nhrp nhs 10.22.32.1
ip nhrp redirect
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile IPSEC_PROFILE
end

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 65.132.237.231 YES DHCP up up
GigabitEthernet0/0/1 unassigned YES NVRAM up up
Gi0/0/1.25 10.100.100.10 YES manual up up
Gi0/0/1.27 200.0.0.1 YES manual up up
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset up up
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Loopback1 170.195.63.16 YES NVRAM up up
Loopback2 10.118.0.193 YES NVRAM up up
Loopback9999 unassigned YES unset up up
Tunnel100 10.22.32.1 YES manual up up
Vlan1 unassigned YES unset down down
Vlan30 12.0.0.3 YES manual up up

Labels:
0 Helpful
19 Replies 19

Go to solution
Torbjørn
Spotlight
Spotlight

‎05-30-2024 12:39 AM

You need to remove the "ip nhrp nhs 10.22.32.2" from the TTCE router, only spoke routers need this line of config. You are getting the reset status due to the router trying to establish a tunnel against its own address.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
SteveG18
Level 1
Level 1
In response to Torbjørn

‎05-30-2024 07:45 AM

@TorbjørnThen why isn't the other device which also has a similar line also having the same error??  The device, listed as TTC above, also has a similar ip nhrp nhs 10.22.32.1 entry, and its fine

0 Helpful

Go to solution
Torbjørn
Spotlight
Spotlight
In response to SteveG18

‎05-30-2024 11:09 PM

Good point, i didn't notice. Are these different device models/software versions?

The only difference in config of the interfaces is the "ip nhrp authentication", but I can't see how that would cause this. Is the IPSEC config identical?´Could you first verify that it stops being "reset" if you disable the tunnel protection? Could you also post the output generated by debug crypto isakmp/debug crypto ikev2 when shutting/no shutting the tunnel interface?

For dual hub single cloud configuration you should not configure any nhs command on your primary hub. Your secondary hub should be a client of your primary hub using "ip nhrp nhs 10.22.32.1", "ip nhrp map 10.22.32.1 (NBMA address)" and "ip nhrp map multicast (NBMA address" like you would on a spoke router.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
dareveggen
Level 1
Level 1

‎05-30-2024 08:04 AM

Thanks for the help guys my issue resolved too 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dareveggen

‎05-30-2024 11:11 PM

we dont know what was it 

but you are so welcome 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card