DMVPN Spoke to Spoke tunnel routing through hub

ricey
Level 1

I have a DMVPN network with multiple sites connected and all working OK, with one exception. Two sites (that can connect spoke to spoke perfectly well to all other spoke routers in the network) cannot connect directly together and route traffic through the hub. Routing tables (EIGRP) show the routes are being correctly advertised; however, show ip nhrp shows the following:

Router 1 (Spoke router initiating the connection)

10.31.248.246/32 via 10.31.248.246, Tunnel10 created 00:00:25, expire 00:09:34
  Type: dynamic, Flags: router implicit
  NBMA address: ****** Address of Router 2 *******
    (no-socket)

Router 2 (recipient spoke router)

10.31.248.244/32 via 10.31.248.244
   Tunnel10 created 00:01:53, expire 00:01:12
   Type: dynamic, Flags: temporary
   NBMA address: ***** Address of our DMVPN Server router ******

Any help resolving this would be hugely appreciated, as the two affected offices are in Asia and our Server router is in the US, which means a round trip time that should be around 50 ms between these offices is actually taking over 400 ms.

Accepted Solutions

Marcin Latosiewicz
Cisco Employee

Hi,

What is most likely happening is that router1 has already correctly resolved router2 via NHRP, but for some reason cannot establish IPsec to send an NHRP reply to router 2.

Can you check if ISAKMP/IPsec between those two routers is trying to establish when you ping from one side to the other? My guess is that you will see MM_NO_STATE ;-)

M.

Marcin,

You are quite right and thanks very much for pointing me in the right direction. It appears there used to be a static tunnel between these two routers and the pre-shared-key associated with that was still in the config at one end. I have now removed that and the tunnel is working as expected. Thank you very much for your help.
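
The symptom in the two `show ip nhrp` outputs above can be checked mechanically. The Python below is an added example, not part of the original thread and not Cisco code: it parses that output and flags dynamic entries that still point at the hub's NBMA address (or are marked temporary) and entries that resolved but show `(no-socket)`. The NBMA addresses, the finding labels and the treatment of static entries are assumptions made for the example.

```python
import re

# Constructed sample modelled on the question's outputs; NBMA addresses are placeholders.
HUB_NBMA = "198.51.100.1"
ROUTER1 = """\
10.31.248.246/32 via 10.31.248.246, Tunnel10 created 00:00:25, expire 00:09:34
  Type: dynamic, Flags: router implicit
  NBMA address: 203.0.113.20
    (no-socket)
"""
ROUTER2 = """\
10.31.248.244/32 via 10.31.248.244
   Tunnel10 created 00:01:53, expire 00:01:12
   Type: dynamic, Flags: temporary
   NBMA address: 198.51.100.1
"""

ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})/\d+ via \S+")
TYPE_FLAGS = re.compile(r"Type:\s*(\w+),\s*Flags:\s*(.*)")
NBMA = re.compile(r"NBMA address:\s*(\S+)")

def parse_nhrp(text):
    """Split 'show ip nhrp' text into one dict per cache entry."""
    entries = []
    for line in text.splitlines():
        head = ENTRY.match(line)
        if head:
            entries.append(dict(dest=head.group(1), type=None, flags=[], nbma=None, no_socket=False))
        if not entries:
            continue  # ignore anything before the first entry header
        cur = entries[-1]
        if (m := TYPE_FLAGS.search(line)):
            cur["type"], cur["flags"] = m.group(1), m.group(2).split()
        if (m := NBMA.search(line)):
            cur["nbma"] = m.group(1)
        cur["no_socket"] |= "(no-socket)" in line
    return entries

def triage(text, hub_nbma):
    """Return (dest, finding) for dynamic entries that are not a working direct path."""
    findings = []
    for e in parse_nhrp(text):
        if e["type"] != "dynamic":
            continue  # assumption: the spoke's own static map to the hub is expected
        if e["nbma"] == hub_nbma or "temporary" in e["flags"]:
            findings.append((e["dest"], "relayed-via-hub"))
        elif e["no_socket"]:
            findings.append((e["dest"], "resolved-no-socket"))
    return findings
```

An entry flagged either way is the cue to check ISAKMP/IPsec state between the two spokes, as the accepted answer suggests.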

Hi Ricey,

I believe I have this same problem currently. Can you share with me the static tunnel you are saying that you removed? Thanks.

clear ip nhrp