cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1598
Views
0
Helpful
3
Replies
Beginner

DMVPN: requires clear crypto sa

My DMVPN worked fine yesterday. However the DMVPN didn't come in. I left it for 20 with no joy.

Once I did a clear crypto sa on the spoke the tunnel came up.

This seems like I'm missing something in my config.

Can someone advise?

Everyone's tags (4)
3 REPLIES 3
Cisco Employee

DMVPN: requires clear crypto sa

Oh ... well DPDs? Just wild speculation without config ;-)

Beginner

Re: DMVPN: requires clear crypto sa

Sorry my Spokes tunnel config is:

interface Tunnel0

description HO-VPN

bandwidth 100

ip address 10.x.250.6 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication password

ip nhrp map multicast dynamic

ip nhrp map multicast publicIP

ip nhrp map 10.x.250.1 publicIP

ip nhrp network-id aNumber

ip nhrp holdtime 360

ip nhrp nhs 10.x.250.1

zone-member security Zone-TunnelToHO

ip ospf network broadcast

tunnel source FastEthernet4

tunnel mode gre multipoint

tunnel key aNumber

tunnel protection ipsec profile protect-gre

Cisco Employee

Re: DMVPN: requires clear crypto sa

I think it's going to be something in crypto config, either invalid SPI recovery (alhough it's not strictly speaking required) or DPD missing (considering what you described and how you recovered).