11-14-2023 04:00 AM
Hi,
I configured the MPLS over DMVPN with an IPsec tunnel for encryption. everything was good after configuring tunnel protection IPsec on the Tunnel interface, all respective router's EIGRP adjacencies are down.
If any more detailed information is needed, please let me know.
*Nov 14 10:51:19.354: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.1.13 (Tunnel1) is down: holding time expired
*Nov 14 10:52:09.233: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.1.8 (Tunnel1) is down: holding time expired
*Nov 14 10:52:51.167: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.1.9 (Tunnel1) is down: holding time expired
*Nov 14 10:53:11.534: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.1.16 (Tunnel1) is down: holding time expired
CE-R13#sh ip route vrf FVRF
Routing Table: FVRF
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
B 10.8.8.0/24 [20/0] via 192.168.40.254, 03:43:51
B 10.9.9.0/24 [20/0] via 192.168.40.254, 03:43:55
C 10.13.13.0/24 is directly connected, Loopback0
L 10.13.13.13/32 is directly connected, Loopback0
B 10.16.16.0/24 [20/0] via 192.168.40.254, 03:43:55
B 10.17.17.0/24 [20/0] via 192.168.40.254, 03:44:08
B 10.18.18.0/24 [20/0] via 192.168.40.254, 03:43:56
192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.40.0/24 is directly connected, Ethernet0/0
L 192.168.40.1/32 is directly connected, Ethernet0/0
CE-R13#sh ip route vrf FVRF eigrp
Routing Table: FVRF
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
CE-R13# sh run
Building configuration...
Current configuration : 2406 bytes
!
! Last configuration change at 11:06:07 UTC Tue Nov 14 2023
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE-R13
!
boot-start-marker
boot-end-marker
!
!
vrf definition FVRF
rd 65006:1
!
address-family ipv4
exit-address-family
!
vrf definition INTERNAL
!
address-family ipv4
exit-address-family
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 0.0.0.0
!
!
crypto ipsec transform-set ABC esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile IPROF
set transform-set ABC
!
!
!
!
!
!
!
interface Loopback0
vrf forwarding FVRF
ip address 10.13.13.13 255.255.255.0
!
interface Loopback1
vrf forwarding INTERNAL
ip address 192.168.13.13 255.255.255.0
!
interface Loopback2
vrf forwarding INTERNAL
ip address 172.16.13.13 255.255.255.0
!
interface Tunnel1
vrf forwarding INTERNAL
ip address 192.168.1.13 255.255.255.0
no ip redirects
ip nhrp map 192.168.1.17 10.17.17.17
ip nhrp map multicast 10.17.17.17
ip nhrp network-id 1
ip nhrp nhs 192.168.1.17
tunnel source Loopback0
tunnel mode gre multipoint
tunnel vrf FVRF
tunnel protection ipsec profile IPROF
!
interface Ethernet0/0
vrf forwarding FVRF
ip address 192.168.40.1 255.255.255.0
duplex auto
!
interface Ethernet0/1
no ip address
shutdown
duplex auto
!
interface Ethernet0/2
no ip address
shutdown
duplex auto
!
interface Ethernet0/3
no ip address
shutdown
duplex auto
!
!
router eigrp 1
!
address-family ipv4 vrf INTERNAL autonomous-system 100
network 172.16.0.0
network 192.168.1.0
network 192.168.13.0
exit-address-family
!
router bgp 65006
bgp router-id 13.13.13.13
bgp log-neighbor-changes
!
address-family ipv4 vrf FVRF
network 10.13.13.0 mask 255.255.255.0
neighbor 192.168.40.254 remote-as 100
neighbor 192.168.40.254 activa
Solved! Go to Solution.