Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
848
Views
0
Helpful
1
Replies

Single router , Single Tunnel interface And dual nhs destinations

yoav-shneor
Level 1
Level 1

‎03-31-2019 02:03 AM - edited ‎02-21-2020 09:36 PM

Hi, 

I Tested cisco 877VA with (C800-UNIVERSALK9-M), Version 15.6(2)T2 for a new project with dual NHS 

the tunnel looks like that : 

 

Interface tunnel 100
ip address 10.204.200.1 255.255.254.0
no ip redirects
ip mtu 1360
ip nhrp authentication cisco100
ip nhrp map multicast dynamic
ip nhrp map 10.204.201.254 10.100.100.254
ip nhrp map multicast 10.100.100.254
ip nhrp map 10.204.201.253 10.100.100.253
ip nhrp map multicast 10.100.100.253
ip nhrp network-id 100
ip nhrp holdtime 600
ip nhrp nhs 10.204.201.254
ip nhrp nhs 10.204.201.253
ip tcp adjust-mss 1320
tunnel source Loopback100
tunnel destination 10.100.100.253
tunnel key 100
tunnel protection ipsec profile IPSEC_PROFILE shared

 

I get system logs like that : 

 

Mar 31 08:58:11.600: NHRP: Receive Error Indication via Tunnel100 vrf global(0x0), packet size: 148
Mar 31 2019 08:58:11: %NHRP-3-PAKERROR: Received Error Indication from 10.204.201.253, code: protocol generic error(7), (trigger src: 10.204.200.1 (nbma: 10.100.100.1) dst: 10.204.201.254), offset: 0, data: 00 01 08 00 00 00 00 00 00 FF 00 6C 84 8F 00 34
Mar 31 08:59:10.601: NHRP: Setting retrans delay to 64 for nhs dst 10.204.201.254
Mar 31 08:59:10.601: NHRP: Attempting to send packet through interface Tunnel100 via DEST dst 10.204.201.254
Mar 31 08:59:10.601: NHRP: Send Registration Request via Tunnel100 vrf global(0x0), packet size: 108
Mar 31 08:59:10.601: src: 10.204.200.1, dst: 10.204.201.254
Mar 31 08:59:10.601: NHRP: 136 bytes out Tunnel100
Mar 31 08:59:10.621: NHRP: Receive Error Indication via Tunnel100 vrf global(0x0), packet size: 148
Mar 31 2019 08:59:10: %NHRP-3-PAKERROR: Received Error Indication from 10.204.201.253, code: protocol generic error(7), (trigger src: 10.204.200.1 (nbma: 10.100.100.1) dst: 10.204.201.254), offset: 0, data: 00 01 08 00 00 00 00 00 00 FF 00 6C 84 8F 00 34
Mar 31 08:59:21.017: NHRP: No SNMP node found to add requestID
Mar 31 08:59:21.017: NHRP: Attempting to send packet through interface Tunnel101 via DEST dst 10.204.221.254
Mar 31 08:59:21.017: NHRP: Send Registration Request via Tunnel101 vrf global(0x0), packet size: 108
Mar 31 08:59:21.017: src: 10.204.220.1, dst: 10.204.221.254
Mar 31 08:59:21.017: NHRP: 136 bytes out Tunnel101
Mar 31 08:59:21.025: NHRP: Receive Registration Reply via Tunnel101 vrf global(0x0), packet size: 128
Mar 31 09:00:03.571: NHRP: Setting retrans delay to 64 for nhs dst 10.204.201.254
Mar 31 09:00:03.571: NHRP: Attempting to send packet through interface Tunnel100 via DEST dst 10.204.201.254
Mar 31 09:00:03.571: NHRP: Send Registration Request via Tunnel100 vrf global(0x0), packet size: 108
Mar 31 09:00:03.571: src: 10.204.200.1, dst: 10.204.201.254

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎03-31-2019 10:32 AM - edited ‎03-31-2019 10:36 AM

Hi,
You say there is only 1 tunnel interface, however the logs (which I assume are from the spoke?) indicate you have Tunnel100 and Tunnel101 - do you have another tunnel interface that's potentially causing an issue?

 

Can you provide the Tunnel configuration from the Hubs?

Can you provide the debug logs from the Hub please?

Are IKEv1 (ISAKMP) or IKEv2 SA and IPSec SA established?

I notice you are using a static GRE tunnel with the command "tunnel destination...." and not a mGRE tunnel, I assume you are implementing Phase 1 configuration only? Though it should still work, it just means spoke-to-spoke traffic would go via the Hub.

0 Helpful
Customers Also Viewed These Support Documents