Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
2
Helpful
3
Replies

DMVPN configuration

Go to solution
bobakRunaghi
Level 1
Level 1

‎03-07-2023 09:53 PM

I configured 4 routers with DMVPN. I can ping from hub to spokes (and vice versa ) but I can not ping from spokes to spokes there is my configuration and sh DMVPN for 3 routers. what is wrong with my configuration?

my hub configuration

 

 

 

 

int e0/0
ip add 192.168.1.100 255.255.255.0
no shut
ip route 192.168.2.0 255.255.255.0 192.168.1.1
ip route 192.168.3.0 255.255.255.0 192.168.1.1
ip route 192.168.4.0 255.255.255.0 192.168.1.1
///
DMVPN
crypto isakmp policy 1
encryption aes authentication pre-share
group 14 
crypto isakmp key supersecretkey address 0.0.0.0
crypto ipsec transform-set trans2 esp-aes esp-sha-hmac
mode transport
crypto ipsec profile my_hub_vpn_profile
set transform-set trans2
Interface Tunnel0
ip address 10.1.1.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0
ip nhrp authentication anothersupersecretkey
ip nhrp map multicast dynamic
ip nhrp network-id 99
ip nhrp holdtime 300
tunnel source 192.168.1.100
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile my_hub_vpn_profile
router eigrp 1
network 192.168.0.0
network 10.0.0.0
network 172.16.0.0

 

 

 

 

 

my spoke configuration

 

 

 

 

int e0/0
ip add 192.168.2.2 255.255.255.0
no shut
int loopback 0
ip route 192.168.1.100 255.255.255.255 192.168.2.1
ip route 192.168.1.100 255.255.255.255 192.168.2.1 
/////
DMVPN
crypto isakmp policy 1
encryption aes authentication pre-share
group 14 
crypto isakmp key supersecretkey address 0.0.0.0
crypto ipsec transform-set trans2 esp-aes esp-sha-hmac
mode transport
crypto ipsec profile my_hub_vpn_profile
set transform-set trans2
Interface Tunnel0
ip address 10.1.1.2 255.255.255.0
ip nhrp authentication anothersupersecretkey
ip nhrp map 10.1.1.1 192.168.1.100
ip nhrp map multicast 192.168.1.100
ip nhrp network-id 99 
ip nhrp holdtime 300 
ip nhrp nhs 10.1.1.1
tunnel source 192.168.2.2
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile my_spoke_vpn_profile
router eigrp 1
network 192.168.0.0
network 10.0.0.0
network 172.16.0.0

 

 

 

 

 

 hub show DMVPN

Screenshot from 2023-03-07 21-29-35.png

spokes DMVPN

Screenshot from 2023-03-07 21-32-50.png

another spoke

Screenshot from 2023-03-07 21-36-09.png

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-08-2023 01:52 AM - edited ‎03-08-2023 01:54 AM

high level config looks ok - try on Hub  below and test it.

 

interface tunnel 0
no ip split-horizon eigrp 1
no ip next-hop-self eigrp

still issue on the  spoke add below config

interface tunnel 0
ip nhrp server-only

still not working, post show run from all the routers.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-08-2023 01:52 AM - edited ‎03-08-2023 01:54 AM

high level config looks ok - try on Hub  below and test it.

 

interface tunnel 0
no ip split-horizon eigrp 1
no ip next-hop-self eigrp

still issue on the  spoke add below config

interface tunnel 0
ip nhrp server-only

still not working, post show run from all the routers.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
bobakRunaghi
Level 1
Level 1
In response to balaji.bandi

‎03-08-2023 01:06 PM

the second configuration  work can you explain it because it was not in the CCNP security core  book for DMVPN hub and spoke

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to bobakRunaghi

‎03-08-2023 07:04 PM

here is some reference guide (rather me pasting that information here)

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nhrp/configuration/xe-16/nhrp-xe-16-book.pdf

there is good document i was referring when i was doing CCNP as below always helpfull to undertand each Phase how the packet flow take place :

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-3052.pdf  (not sure you have access to download this PDF . lets try)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents