07-11-2014 08:50 AM - edited 02-21-2020 07:43 PM
Hi,
I create a DMVPN cloud with 1 hub and 5 spokes, the main purpose of the VPN is for centralise voice deployment. Now all the spokes are up and connecting fine, i can see all the phones in the different sites and even browse to the phone webpages.
The problem i am having is two of the sites the phones registered with CUCM but the other sites even though i can see the phones they won't register to CUCM. See a copy of my config below, i use static route as the routing protocol.
++++++++++++
HUB
++++++++++++
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
crypto isakmp xauth timeout 20
!
crypto ipsec security-association lifetime seconds 7200
!
crypto ipsec transform-set DMVPN_SPOKE esp-aes
mode transport
!
crypto ipsec profile DMVPNspoke
set security-association lifetime seconds 86400
set security-association idle-time 86400
set transform-set DMVPN_SPOKE
!
interface Tunnel0
description <<< TUNNEL >>>
bandwidth 1000
ip address 192.168.222.1 255.255.255.0
no ip redirects
ip mtu 1452
ip nhrp authentication client
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly max-fragments 64
ip tcp adjust-mss 1360
delay 30
tunnel source dialer 1
tunnel mode gre multipoint
tunnel key 131
tunnel protection ipsec profile DMVPNspoke shared
crypto isakmp key cisco address 77.95.xxx.xxx
+++++++++++
SPOKE
+++++++++++
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3 periodic
crypto isakmp xauth timeout 20
!
crypto ipsec security-association lifetime seconds 7200
!
crypto ipsec transform-set DMVPN_SPOKE esp-aes
mode transport
!
crypto ipsec profile DMVPNspoke
set security-association lifetime seconds 86400
set security-association idle-time 86400
set transform-set DMVPN_SPOKE
!
interface Tunnel0
description <<< TUNNEL >>>
bandwidth 1000
ip address 192.168.222.11 255.255.255.0
no ip redirects
ip mtu 1452
ip nhrp authentication client
ip nhrp map multicast 212.20.xxx.xxx
ip nhrp map 192.168.222.1 xxx.xxx.xxx.xxx
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 192.168.222.1
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly max-fragments 64
ip tcp adjust-mss 1360
delay 30
tunnel source dialer 1
tunnel mode gre multipoint
tunnel key 131
tunnel protection ipsec profile DMVPNspoke shared
crypto isakmp key cisco address xxx.xxx.xxx.xxx
Solved! Go to Solution.
07-12-2014 01:26 AM
Hi Ray,
Do you get any error for failing to register in to CUCM? Do you have the proper rules in both the ends allowing the voice traffic through the tunnel..... like Qos / Inspect statements is already been configured.... have you checked the reachability of CUCM server from those spoke sites???
Regards
Karthik
07-12-2014 01:26 AM
Hi Ray,
Do you get any error for failing to register in to CUCM? Do you have the proper rules in both the ends allowing the voice traffic through the tunnel..... like Qos / Inspect statements is already been configured.... have you checked the reachability of CUCM server from those spoke sites???
Regards
Karthik
07-13-2014 10:03 AM
Hi nkarthikeyan,
haven't applied any Qos or inspect statements, the only devices traversing the VPN is the voice traffic. I can reach the CUCM from every spokes and i can reach the spokes from the HUB.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide