08-17-2022 07:29 AM
Dear Team,
We have been facing issues with the DMVPN tunnel for the last 3 days. The NHRP state is showing as IKE. Could you please guide us on how to troubleshoot further?
Sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 12:31 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
R-DE-SON-GUEST1 uptime is 38 weeks, 6 days, 7 hours, 10 minutes
System returned to ROM by reload at 07:42:32 CET Thu Nov 18 2021
System restarted at 08:17:15 CET Thu Nov 18 2021
System image file is "usbflash0:c1900-universalk9-mz.SPA.154-3.M3.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO1921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FCZ1932716Z
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
245744K bytes of USB Flash usbflash0 (Read/Write)
Tunnel configuration on Spoke
Current configuration : 518 bytes
!
interface Tunnel0
 description DMVPN Tunnel:R-DE-LB5-GUEST1
 ip address 172.16.250.25 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication pw4GUEST
 ip nhrp map 172.16.250.1 10.7.192.17
 ip nhrp map multicast 10.7.192.17
 ip nhrp network-id 100
 ip nhrp nhs 172.16.250.1
 ip tcp adjust-mss 1260
 qos pre-classify
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel vrf GUEST
 tunnel protection ipsec profile IPSEC-DMVPN-PROFILE ikev2-profile IKEv2-DMVPN-PROFILE
end
Tunnel configuration on Hub
interface Tunnel0
 description DMVPN:MGRE
 ip address 172.16.250.1 255.255.255.0
 no ip redirects
 ip mtu 1300
 ip nat inside
 ip nhrp authentication pw4GUEST
 ip nhrp network-id 100
 ip nhrp holdtime 7200
 ip nhrp redirect
 ip access-group ACL-DENY-GUEST-TO-GUEST in
 zone-member security GUEST
 qos pre-classify
 keepalive 10 3
 tunnel source GigabitEthernet0/0/2
 tunnel mode gre multipoint
 tunnel key 100
 tunnel vrf GUEST
 tunnel protection ipsec profile IPSEC-DMVPN-PROFILE ikev2-profile IKEv2-DMVPN-PROFILE
end
sh dmvpn status
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.7.192.17        172.16.250.1   IKE    3d09h     S
08-17-2022 07:39 AM
tunnel vrf GUEST <<- in both tunnels
Have you configured IPsec to be VRF-aware?
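The reply above asks whether the IKEv2/IPsec side is aware of the front-door VRF set by `tunnel vrf GUEST`. One way to check a saved configuration for that is sketched below; it is an added example, not part of the thread. The Tunnel0 lines mirror the spoke configuration posted above, while the body of the `crypto ikev2 profile` and the keyring name are constructed assumptions, since the thread does not show them.

```python
import re

# Constructed sample: Tunnel0 lines mirror the spoke config in the thread;
# the crypto ikev2 profile body is an assumption (the thread does not show it).
SAMPLE = """\
crypto ikev2 profile IKEv2-DMVPN-PROFILE
 match identity remote address 0.0.0.0
 keyring local HYPOTHETICAL-KEYRING
interface Tunnel0
 tunnel vrf GUEST
 tunnel protection ipsec profile IPSEC-DMVPN-PROFILE ikev2-profile IKEv2-DMVPN-PROFILE
"""

def sections(config):
    """Group IOS config lines as {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def fvrf_mismatches(config):
    """Return (interface, tunnel vrf, profile) where the profile lacks a matching 'match fvrf'."""
    secs = sections(config)
    findings = []
    for head, body in secs.items():
        if not head.startswith("interface Tunnel"):
            continue
        vrf = next((l.split()[2] for l in body if l.startswith("tunnel vrf ")), None)
        prof = next((m.group(1) for l in body
                     if (m := re.search(r"^tunnel protection .*\bikev2-profile (\S+)", l))), None)
        if vrf is None or prof is None:
            continue
        matches = [l.split()[2] for l in secs.get(f"crypto ikev2 profile {prof}", [])
                   if l.startswith("match fvrf ")]
        if vrf not in matches and "any" not in matches:
            findings.append((head.split()[1], vrf, prof))
    return findings

if __name__ == "__main__":
    for intf, vrf, prof in fvrf_mismatches(SAMPLE):
        print(f"{intf}: tunnel vrf {vrf}, but profile {prof} has no 'match fvrf {vrf}'")
```

Run it against the output of `show running-config` from both hub and spoke; an empty result means every protected tunnel with a front-door VRF has a matching `match fvrf` in its IKEv2 profile.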
08-17-2022 09:15 AM