11-17-2011 03:31 AM - edited 02-21-2020 05:42 PM
Hi all,
We have a customer with a DMVPN phase 2 network. There are around 40 spokes. What I can see on all the spokes is between 10 and 15 IPsec spoke-to-spoke tunnels, which is really strange, as most of the spoke locations should only have between 1 and 4 spoke-to-spoke tunnels maximum.
My question is: what could cause the spoke routers to create an IPsec spoke-to-spoke tunnel? Some weird applications?
IOS version: 12.4(15)T11 Platform: Cisco 1812.
Best regards,
Laurent
11-17-2011 04:44 AM
It all depends on the traffic between spokes, and DMVPN is meant for that only; if there is interesting traffic, an IPsec tunnel will be formed.
11-17-2011 04:49 AM
Hi,
But there may be an application that triggers these spoke-to-spoke tunnels?
I cannot see the IP of the destination spokes in the inspect sessions. So it looks like it is a quick trigger; then the inspect session times out and the IPsec SAs stay for the default lifetime.
Regards,
Laurent
11-17-2011 04:52 AM
You can also verify with "show crypto ipsec sa" if the traffic is passing over the tunnel.
11-17-2011 04:54 AM
Most of the spoke-to-spoke tunnels haven't any packets encrypted.
Regards,
Laurent
11-17-2011 05:02 AM
Then the tunnels will tear down after some time; it should not be an issue.
11-17-2011 06:06 AM
Do the SAs consume any resources on the router?
11-17-2011 06:09 AM
Actual resources are consumed when encryption/decryption is there for traffic, and performance depends upon the hardware you are using.
11-17-2011 06:20 AM
Thanks a lot!