09-30-2011 07:21 AM - edited 02-21-2020 05:37 PM
I have a DMVPN network with multiple sites connected and all working OK with one exception. Two sites (that can connect spoke to spoke perfectly well to all other spoke routers in the network) cannot connect directly together and route traffic through the hub. Routing tables (EIGRP) show the routes are being correctly advertised, however show ip nhrp shows the following
Router 1 (Spoke router initiateing the connection)
10.31.248.246/32 via 10.31.248.246, Tunnel10 created 00:00:25, expire 00:09:34
Type: dynamic, Flags: router implicit
NBMA address: ****** Address of Router 2 *******
(no-socket)
Router 2 (recipient spoke router)
10.31.248.244/32 via 10.31.248.244
Tunnel10 created 00:01:53, expire 00:01:12
Type: dynamic, Flags: temporary
NBMA address: ***** Address of our DMVPN Server router ******
Any help resolving this would be hugely appreciated as the two affected offices are in Asia and our Server router is in US which means a round trip time that should be around 50 ms between these offices is actually taking over 400 ms
Solved! Go to Solution.
09-30-2011 08:02 AM
Hi,
What is most likely happening is that router1 already resolved correctly router2 via NHRP, but for some reason cannot establish IPsec to send a NHRP reply to router 2.
Can you check if ISAKMP/IPsec between those two routers is trying to establish when you ping from one side to the other? My guess is that you will see MM_NO_STATE ;-)
M.
09-30-2011 08:02 AM
Hi,
What is most likely happening is that router1 already resolved correctly router2 via NHRP, but for some reason cannot establish IPsec to send a NHRP reply to router 2.
Can you check if ISAKMP/IPsec between those two routers is trying to establish when you ping from one side to the other? My guess is that you will see MM_NO_STATE ;-)
M.
09-30-2011 08:33 AM
Marcin,
You are quite right and thanks very much for pointing me in the right directoin. It appears there used to be a static tunnel between these two routers and the pre-shared-key associated with that was still in the config at one end. I have now removed that and the tunnel is working as expected. Thank you very much for your help.
02-26-2020 11:08 PM
Hi Ricey,
I believe I have this same problem currently. Can you share with me the static tunnel you are saying that you removed? thanks.
08-01-2024 08:12 PM
clear ip nhrp
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide