03-07-2023 09:53 PM
I configured 4 routers with DMVPN. I can ping from hub to spokes (and vice versa ) but I can not ping from spokes to spokes there is my configuration and sh DMVPN for 3 routers. what is wrong with my configuration?
my hub configuration
int e0/0
ip add 192.168.1.100 255.255.255.0
no shut
ip route 192.168.2.0 255.255.255.0 192.168.1.1
ip route 192.168.3.0 255.255.255.0 192.168.1.1
ip route 192.168.4.0 255.255.255.0 192.168.1.1
///
DMVPN
crypto isakmp policy 1
encryption aes authentication pre-share
group 14
crypto isakmp key supersecretkey address 0.0.0.0
crypto ipsec transform-set trans2 esp-aes esp-sha-hmac
mode transport
crypto ipsec profile my_hub_vpn_profile
set transform-set trans2
Interface Tunnel0
ip address 10.1.1.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0
ip nhrp authentication anothersupersecretkey
ip nhrp map multicast dynamic
ip nhrp network-id 99
ip nhrp holdtime 300
tunnel source 192.168.1.100
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile my_hub_vpn_profile
router eigrp 1
network 192.168.0.0
network 10.0.0.0
network 172.16.0.0
my spoke configuration
int e0/0
ip add 192.168.2.2 255.255.255.0
no shut
int loopback 0
ip route 192.168.1.100 255.255.255.255 192.168.2.1
ip route 192.168.1.100 255.255.255.255 192.168.2.1
/////
DMVPN
crypto isakmp policy 1
encryption aes authentication pre-share
group 14
crypto isakmp key supersecretkey address 0.0.0.0
crypto ipsec transform-set trans2 esp-aes esp-sha-hmac
mode transport
crypto ipsec profile my_hub_vpn_profile
set transform-set trans2
Interface Tunnel0
ip address 10.1.1.2 255.255.255.0
ip nhrp authentication anothersupersecretkey
ip nhrp map 10.1.1.1 192.168.1.100
ip nhrp map multicast 192.168.1.100
ip nhrp network-id 99
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
tunnel source 192.168.2.2
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile my_spoke_vpn_profile
router eigrp 1
network 192.168.0.0
network 10.0.0.0
network 172.16.0.0
hub show DMVPN
spokes DMVPN
another spoke
Solved! Go to Solution.
03-08-2023 01:52 AM - edited 03-08-2023 01:54 AM
high level config looks ok - try on Hub below and test it.
interface tunnel 0 no ip split-horizon eigrp 1 no ip next-hop-self eigrp
still issue on the spoke add below config
interface tunnel 0
ip nhrp server-only
still not working, post show run from all the routers.
03-08-2023 01:52 AM - edited 03-08-2023 01:54 AM
high level config looks ok - try on Hub below and test it.
interface tunnel 0 no ip split-horizon eigrp 1 no ip next-hop-self eigrp
still issue on the spoke add below config
interface tunnel 0
ip nhrp server-only
still not working, post show run from all the routers.
03-08-2023 01:06 PM
the second configuration work can you explain it because it was not in the CCNP security core book for DMVPN hub and spoke
03-08-2023 07:04 PM
here is some reference guide (rather me pasting that information here)
there is good document i was referring when i was doing CCNP as below always helpfull to undertand each Phase how the packet flow take place :
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-3052.pdf (not sure you have access to download this PDF . lets try)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide