Solved: Re: mGRE tunnel giving odd error on 1 router, working on another

SteveG18 · ‎05-29-2024

I have 2 cisco routers that should be using GRE back to 1 other device. When I check the status of the interfaces I can see that on one, the status is up/up. On the trouble one, its showing the status as 'reset'. I'm not sure what that's referring to. The configs should be pretty much the same on each device, except for some IP changes for the tunnel.

What is happening??? I've been searching for info for a while now, without much luck... I've attached configs and info below. The router with the issue is the TTCE router, the working one is below that.

TTCE:
interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.2 255.255.240.0
no ip redirects
ip mtu 1300
ip nhrp authentication 1234
ip nhrp network-id 1
ip nhrp nhs 10.22.32.2
ip nhrp redirect
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile IPSEC_PROFILE
end

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 65.132.237.229 YES DHCP up up
GigabitEthernet0/0/1 unassigned YES NVRAM up up
Gi0/0/1.25 10.100.100.11 YES NVRAM up up
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset up up
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES NVRAM down down
Loopback0 10.118.0.7 YES NVRAM up up
Loopback1 170.195.127.16 YES NVRAM up up
Loopback2 10.118.0.193 YES NVRAM up up
Loopback3 10.128.0.10 YES NVRAM up up
Tunnel100 10.22.32.2 YES manual reset down
Vlan1 unassigned YES unset up down
Vlan30 12.0.0.4 YES NVRAM up up

TTC:
interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.1 255.255.240.0
no ip redirects
ip mtu 1300
ip nhrp network-id 1
ip nhrp nhs 10.22.32.1
ip nhrp redirect
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile IPSEC_PROFILE
end

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 65.132.237.231 YES DHCP up up
GigabitEthernet0/0/1 unassigned YES NVRAM up up
Gi0/0/1.25 10.100.100.10 YES manual up up
Gi0/0/1.27 200.0.0.1 YES manual up up
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset up up
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Loopback1 170.195.63.16 YES NVRAM up up
Loopback2 10.118.0.193 YES NVRAM up up
Loopback9999 unassigned YES unset up up
Tunnel100 10.22.32.1 YES manual up up
Vlan1 unassigned YES unset down down
Vlan30 12.0.0.3 YES manual up up

MHM Cisco World · ‎05-30-2024

the Hub1 is primary all spoke and Hub2 (secondary) is send NHRP request to it
the config of Hub1 and Hub2 and one Spoke list below
Friend, PLEASE notice order I enter the ip nhrp nhs command, always nhs of Hub1 must enter first
also see how I config Hub2 secondary
run same code and it will be OK

MHM

View solution in original post

MHM Cisco World · ‎05-29-2024

This p2p no need dmvpn at all

interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.2 255.255.240.0
no ip redirects
ip mtu 1300
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel destination 10.22.32.1
tunnel protection ipsec profile IPSEC_PROFILE

!

interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.1 255.255.240.0
no ip redirects
ip mtu 1300
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel destination 10.22.32.2
tunnel protection ipsec profile IPSEC_PROFILE

That it

MHM

SteveG18 · ‎05-29-2024

They're not going to each other. Each one goes back to a 3rd device. The TTC router can connect to the 3rd device just fine on GRE, the TTCE router is giving that odd message of 'reset'

MHM Cisco World · ‎05-29-2024

Draw topology if you can

MHM

SteveG18 · ‎05-29-2024

MHM Cisco World · ‎05-30-2024

SteveG18 · ‎05-30-2024

@MHM Cisco WorldThe hub would be the 3rd device, non Cisco. And yes, it does support DMVPN.

MHM Cisco World · ‎05-30-2024

Router1

interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.1 255.255.240.0
no ip redirects
ip mtu 1300
ip nhrp network-id 1
ip nhrp nhs 10.22.40.23
ip nhrp map 10.22.40.23 <non cisco Public IP>
ip nhrp map multicast <non cisco Public IP>
ip nhrp shortcut
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile IPSEC_PROFILE

Router 2

interface Tunnel100
description INTERNAL - DMVPN Inside Interface
ip address 10.22.32.2 255.255.240.0
no ip redirects
ip mtu 1300
ip nhrp network-id 1
ip nhrp nhs 10.22.40.23
ip nhrp map 10.22.40.23 <non cisco Public IP>
ip nhrp map multicast <non cisco Public IP>
ip nhrp shortcut
no ip split-horizon
ip tcp adjust-mss 1260
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1234
tunnel protection ipsec profile IPSEC_PROFILE

SteveG18 · ‎05-30-2024

@MHM Cisco World I was mistaken, router 3 is not the hub, the cisco's are, so TTC and TTCE would both be the hubs for GRE

SteveG18 · ‎05-30-2024

So in that case, each nhrp nhs would point to itself, correct?

MHM Cisco World · ‎05-30-2024

Yes and No'

Two hub and one spoke' and sure you want interconnect between two hub's.

So let me check it in lab and I will update you.

Thanks for waiting

MHM

MHM Cisco World · ‎05-30-2024

the Hub1 is primary all spoke and Hub2 (secondary) is send NHRP request to it
the config of Hub1 and Hub2 and one Spoke list below
Friend, PLEASE notice order I enter the ip nhrp nhs command, always nhs of Hub1 must enter first
also see how I config Hub2 secondary
run same code and it will be OK

MHM

SteveG18 · ‎05-31-2024

Ok, you say 'run the same code', but we aren't using EIGRP

MHM Cisco World · ‎05-31-2024

Two commands of eigrp

No Ip split eigrp 5

No ip next-hop eigrp 5

You dont need it if you dont use eigrp' I use eigrp in my lab to check the status of tunnel is it stable or not

Other command must use and same order I share.

MHM

SteveG18 · ‎05-31-2024

That worked, I appreciate the help!!