The problem occurs due to the presence of Cisco bug ID CSCed68627.
This issue is seen if a dual-hub dual-Dynamic Multipoint VPN (DMVPN) configuration is used when there is already a dynamic spoke-to-spoke tunnel over a primary tunnel interface, and the primary hub router is unavailable.
It appears that when the primary hub fails, as the IP next-hop converges to the secondary DMVPN, the dynamic spoke-to-spoke tunnel fails to come up.
As a workaround, perform either of these steps:
Use the dual-hub single DMVPN network configuration.
Download and upgrade to Cisco IOS Software Release 12.4(5).
Hi Everybody,Maybe this subject was already discussed and a solution exist, but a could find it in any discussion.I setup a site to site VPN between 2 sites ( HQ_ASA <--- VPN ---> Site_ASA). the inside subnet for each site is nated before reaching t...
Hello I have an issue where I am upgrading ASA5585-X Active/Standby pairs from 9.1.7 to 9.8.4(26). Several pairs have been upgraded, and in each case, the Standby device is reloaded first. However, when it reboots, it boots back into a Cold Standby s...
Hi,I haveone ISE (PAN+MNT )Node in DC andanother ISE (PAN+MNT) node in DR .And I have one AD domain in DC and another AD domain in DR. And I have two node groups deployment for branch sites with each group contain two PSNs.What I would like to know i...
I am going to disable remote access traffic across my network except my whitelist. I am using Cisco Firepower as well as Cisco ASA in my network perimeter. How and where should I put my rule/policy to enable this capability?
Hi Guys, I currently have Cisco Anyconnect with Split tunneling. Everything seems to be working fine. Is there a way to force clients when they try to connect to an IP address 184.108.40.206 and his/her traffic would go back to t...