08-16-2018 11:28 AM - edited 02-21-2020 09:26 PM
Hi,
I have a weird issue and am wondering if anyone has any ideas about what may be wrong with my config. I have (2) ISR4Ks running Denali in a Hub and Spoke mGRE DMVPN solution. Everything works fine unless my Hub router is reloaded - at which point the DMVPN connection will fail and not return to service. Removing and reapplying the encryption profile on the Spoke end causes everything to start working again. Attached are the relevant(?) sections of the config from each. Any thoughts?
**Update** If I do nothing whatsoever about 25 minutes after the Hub has finished its reload the IPSEC SA will reform on its own
Solved! Go to Solution.
08-16-2018 12:38 PM
Found the correct solution to the weirdness. Setting the tunnel's NHRP holdtime to 300 seconds did the trick. Now the tunnel and EIGRP association come up within a few seconds of each other
Thank you
08-16-2018 11:36 AM
Hi,
You should configure dead peer detection (dpd), this will detect when the hub goes down and delete the old (down) tunnel after a period. Once the hub is back up a new tunnel should then allowed to be established, intiated from the spoke. Link here for info on dpd.
HTH
08-16-2018 11:47 AM - edited 08-16-2018 12:14 PM
That sounds kinda cool!
I'll check that out and get back to you, thank you for the tip
**Update** Well I added "crypto isakmp keepalive 30 5" and reloaded the Hub - but still have the same symptoms as before. Still, I appreciate the recommendation - always good to learn new things
08-16-2018 12:39 PM
08-16-2018 12:38 PM
Found the correct solution to the weirdness. Setting the tunnel's NHRP holdtime to 300 seconds did the trick. Now the tunnel and EIGRP association come up within a few seconds of each other
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide