06-11-2009 04:28 PM - edited 02-21-2020 04:15 PM
I seem to be having issues with communication between DMVPN spokes and EZVPN clients.
I've got a 3825 Router at my DataCenter connecting to our MPLS backbone and also acting as a DMVPN HUB for a long site (last site left to be migrated to MPLS) and EZVPN server for remote client access. The router is behind a 2821 serving as a Internet Gateway which provides NAT and Firewall. Routing is both iBGP internally and eBGP externally.
EZVPN Clients utilize VPN-on-a-Stick to provide for Internet Access without enabling Split Tunneling.
Everything works fine except communication between EZVPN Client and the DMVPN spoke. Tracert from client to seems to show traffic hitting my on Internet Router's Interface that's connected to GI0/0 on the MPLS/DMVPN HUB/EZVPN HUB router that's in question.
I'm scratching my head on this one and would appreciate any help that anyone can offer.
Note: I just switched from EIGRP to BGP internally (MPLS connection has always been BGP) and had trouble with BGP between Hub and Spoke which is the reasoning for the static routes (X.29, X.30, X.31) to the Spoke. There is only one Spoke because the network used to be a DMVPN backbone between 8 sites untill I implemented a MPLS VPN backbone. Remaing site has yet to be migrated - waiting now on new MPLS provider to implement - so this is a somewhat temporary.
06-11-2009 08:00 PM
This has been solved. Since I was using static routes with the Spoke - I needed to add a static route on the spoke which pointed to the IP Address rage of the EZVPN clients.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide