Not asking too much at all!As for the front-door VRF design, I just glanced over this article and looks like it does a fair job describing it: https://ttl255.com/dmvpn-and-ipsec-with-front-door-vrf/For WireShark, you can filter via NHRP. WireShark is...
If you look at the information from the capture, you'll notice that the source and destination protocol addresses are the same address. This indicates that your IP address at your spoke is the same as at your Hub. Change your Spoke's address and your...
Your config is good. Everything from a DMVPN and IPSec perspective are mostly correct. We know you're underlay has reachability since your NHRP resolutions to the Hub are at least showing up. Since Tunnel 1 at your branch shares your source interface...
Your diagram looked to be from GNS3, before we go too crazy, please verify that this is in a lab. If this is all lab right now, then we'll get this sorted.
Not sure if you corrected this yet, but make sure you add a network statement covering Tunne...
You don't want to mix Phase2 and Phase3 on the same tunnel (or in the same DMVPN Cloud). It can cause runaway NHRP processes. Luckily, it's rate limited by default to prevent a disaster.
Let's remove all of the Phase2 and Phase3 stuff since that is n...
