Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
2
Replies

DMVPN Issue

SHABEEB KUNHIPOCKER
Level 3
Level 3

‎08-26-2015 02:44 PM - edited ‎02-21-2020 08:25 PM

Hello ,

 

I have a DMVPN cloud with 40 spokes and 2 Hubs. The routing protocol is EIGRP. Some of the spokes are behind an ADSL modem and some are behind a 3G router(the spoke ip address is getting Natted to the modem public IP). Clearly the spokes does not have a fixed public IP. So now am facing an issue that when the 3G modem or ADSL modem restarts the public IP changes and the spokes looses the connection to hub. I tried isakmp keepalives and invalid-spi-recovery. I ran packet capture on the hub and found that even after the spoke up address is changed the hub sending the packets to the old ip address.Please help me to resolve the issue ASAP.

 

The spoke config is 

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2

 crypto isakmp key xxxxxx
 crypto ipsec transform-set DMVPN-TS esp-aes esp-sha256-hmac
 mode transport
crypto ipsec profile xxxxxxxxxxx
 set security-association lifetime seconds 86400
 set transform-set DMVPN-TS
 
 interface Tunnel0
 description ***To HQ Primary WAN Router***
 ip address x.x.x.x 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxxxx
 ip nhrp map multicast dynamic
 ip nhrp map multicast x.x.x.x
 ip nhrp map x.x.x.x x.x.x.x
 ip nhrp network-id 1
 ip nhrp nhs x.x.x.x
 ip tcp adjust-mss 1360
 no ip split-horizon eigrp 101
 tunnel source g0/1
 tunnel mode gre multipoint
 tunnel key x.x.x.x
 tunnel protection ipsec profile xxxxxxxxxx
 

The Hub config is

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxxxx

crypto ipsec profile xxxxxxxxxxxx
 set security-association lifetime seconds 86400
 set transform-set DMVPN-TS 

interface Tunnel0
 description *** To BRANCHES ***
 ip address x.x.x.x x.x.x.x
 no ip redirects
 ip mtu 1400
 no ip split-horizon eigrp 101
 ip nhrp authentication xxxxx
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key xxxxxxxxxx
 tunnel protection ipsec profile xxxxxxxxxx
end

Thanks in advance

 

Shabeeb 

 

Labels:
0 Helpful
2 Replies 2

pjain2
Cisco Employee
Cisco Employee

‎09-03-2015 12:23 AM

Hey Shabeeb,

 

When the spoke's ip address changes, is the hub able to ping the new public ip of the spoke?

Also do you see the phase 1 and the phase2 on the hub and the spoke coming up?

Regards 

0 Helpful

Karsten Iwen
VIP
VIP

‎09-03-2015 11:43 PM

There is the following nhrp-command missing under the tunnel-config of the spoke:

 ip nhrp registration no-unique

 

0 Helpful
Customers Also Viewed These Support Documents