01-17-2013 07:37 PM - edited 03-04-2019 06:44 PM
We are in the process of implementing DMVPN hub and spoke solution.
We have configured a hub and are now trying to connect a remote spoke between client’s remote locations. The client has a Verizon router in front of the spoke. Somehow I am not able to ping the hub's internal network. I am able to ping hub's internal interface. EIGRP neighbor adjacency between hub and spoke is there. I checked Crypto ISAKMP is there. I can see all the internal routes of the hub on the spoke. On the other hand, when I connected the spoke from my home network to the hub, just for testing purposes, everything is working fine. When I took the spoke to the remote location and plugged it in front of the Verison DSL modem and router, I don't know why I am not able to ping internal network. I suspect that Verison has blocked VPN ports. Any ideas?
Thanks,
Fsl
01-17-2013 08:21 PM
Hi Faizal,
Are you NAT'ing on the ADSL routers for VPN ports for the DMVPN Spokes? Or do you have a routed public IP configured on the DMVPN spoke?
Shamal
Sent from Cisco Technical Support iPhone App
01-18-2013 08:30 AM
No I am getting spoke external interface ip from verison modem+router . Which is 192.168.1.X. I put this ip address to the DMZ zone that won't fix the problem either.
01-18-2013 09:15 AM
Hello Fasal,
can you post your config - especially your crypto stuff.
Are you using crypto maps or VTI ( tunnel protection)
Can you test if you have connection when you take off the ipsec config so basically then your not encrypting the traffic
( require both sides )
if crypto maps is the network to be encrypted specified?
res
Paul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: