Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2033
Views
0
Helpful
1
Replies

DMVPN Attribute DN

YORKIE23
Level 1
Level 1

‎07-30-2018 08:07 AM - edited ‎02-21-2020 09:25 PM

Hello,

  I developed a DMVPN solution in my company's lab and all worked well.  I am now rolling it out to the production network and I am seeing an attribute I never encountered in the lab.  The Hub shows the connection as up with an attribute of DN.  I now the D= Dynamic and the N= NATed, but I don't understand it.  I checked and there is no NAT going on.  What may be the issue?  I have googled the attributes and have not found anything yet. 

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎07-30-2018 08:22 AM

Hi,
Perhaps in production the spokes on the internet are behind a NAT device? It would only use NAT if it detected. If you enter the command "show dmvpn detail" check the SA local and remote and see if the port is 4500 < NAT or 500 < no nat.

Are you using IKEv2? If you run "show crypto ikev2 sa detailed" - check to see if see if NAT-T is detected or not.

HTH
0 Helpful
Customers Also Viewed These Support Documents