cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2577
Views
0
Helpful
4
Replies

DMVPN - show crypto session - showing session status: down-negotiating

shafhuss
Level 1
Level 1

We have configured two hubs and two spokes, but the tunnel is not coming up. when checked in debug logs, it is not going further - it struck at IKE_I_MM2

 

Here are the logs for your reference.

4 Replies 4

Hi,
Is this a new deployment or did this previously work?
The errors would seem to indicate a communicate issue when attempting to establish a tunnel. Is there a firewall/ACL in the path? Is UDP 500 and ESP permitted? If natting you'll need UDP 500 and UDP 4500 (NAT-T).

HTH

Client has confirmed that there is no firewall/acl. Router is directly speaking to ISP. There are two new spokes configured, however there are already another 6 spokes which are connected to 2 hubs and are working fine.

Are these debugs from the spoke or the hub?
Can you please provide the running config from the spoke and hub please?

Here are the debug logs from both spokes. Can you please let me know your email id on which i can share the config. 

(I cannot put the config here as it could be made public)