FlexVPN does not work between spokes

Maksym Ozerov
Visitor

There is a hub router and a few spoke routers in my network. The spokes work well with the hub but cannot set up a tunnel between themselves from the virtual-template.

 

HUB:

aaa new-model

aaa authorization network default local

aaa session-id common

 

crypto isakmp invalid-spi-recovery

crypto ikev2 fragmentation

 

crypto ikev2 authorization policy default

 pool Spokes

 route set interface

 

crypto ikev2 keyring My_key

 peer Spokes

 address 0.0.0.0 0.0.0.0

 pre-shared-key local my_key

 pre-shared-key remote my_key

 

crypto ikev2 profile My_IKEv2

 match identity remote address 0.0.0.0

 authentication remote pre-share

 authentication local pre-share

 keyring local My_key

 aaa authorization group psk list default default

 virtual-template 1

crypto ikev2 dpd 30 5 on-demand

 

crypto ipsec transform-set My_IKEv2 esp-gcm 256

 mode tunnel

 

crypto ipsec profile default

 set ikev2-profile My_IKEv2

 set transform-set My_IKEv2

 

crypto ikev2 proposal default

 no integrity

 encryption aes-gcm-256

 prf sha256

 group 20

 

interface Loopback1

 ip address 10.67.0.1 255.255.255.255

interface Virtual-Template1 type tunnel

 ip mtu 1400

 ip unnumbered lo1

 ip nhrp network-id 10

 ip nhrp redirect

 ip tcp adjust-mss 1352

 tunnel protection ipsec profile default

ip local pool Spokes 10.67.4.1 10.67.7.254

 

router eigrp 1

 network 10.67.0.0 0.0.255.255

 no passive-interface Loopback1

 no passive-interface Virtual-Template1

 

Spoke1:

aaa new-model

aaa authorization network default local

aaa session-id common

 

crypto isakmp invalid-spi-recovery

crypto ikev2 fragmentation

 

crypto ikev2 keyring My_key

 peer Spokes

 address 0.0.0.0 0.0.0.0

 pre-shared-key local my_key

 pre-shared-key remote my_key

 

crypto ikev2 profile My_IKEv2

 match identity remote address 0.0.0.0

 authentication remote pre-share

 authentication local pre-share

 keyring local My_key

 aaa authorization group psk list default default

 virtual-template 1

crypto ikev2 dpd 30 5 on-demand

 

crypto ipsec transform-set My_IKEv2 esp-gcm 256

 mode tunnel

 

crypto ipsec profile default

 set ikev2-profile My_IKEv2

 set transform-set My_IKEv2

 

crypto ikev2 proposal default

 no integrity

 encryption aes-gcm-256

 prf sha256

 group 20

 

interface Tunnel20

 ip address negotiated

 ip access-group TUNIN in

 ip access-group TUNOUT out

 ip mtu 1400

 ip nhrp network-id 10

 ip nhrp shortcut virtual-template 1

 ip nhrp redirect

 ip tcp adjust-mss 1352

 tunnel source di0

 tunnel destination my_hub_ip_address

 tunnel protection ipsec profile default

 

 

interface Virtual-Template1 type tunnel

 ip unnumbered di0

 ip access-group TUNIN in

 ip access-group TUNOUT out

 ip mtu 1400

 ip nhrp network-id 10

 ip nhrp shortcut virtual-template 1

 ip nhrp redirect

 ip tcp adjust-mss 1352

 tunnel protection ipsec profile default ikev2-profile My_IKEv2

 

router eigrp 1

 network 10.67.0.0 0.0.255.255

 passive-interface default

 no passive-interface Tunnel20

 no passive-interface Virtual-Template1

 

Spoke2:

aaa new-model

aaa authorization network default local

aaa session-id common

 

crypto isakmp invalid-spi-recovery

crypto ikev2 fragmentation

 

crypto ikev2 keyring My_key

 peer Spokes

 address 0.0.0.0 0.0.0.0

 pre-shared-key local my_key

 pre-shared-key remote my_key

 

crypto ikev2 profile My_IKEv2

 match identity remote address 0.0.0.0

 authentication remote pre-share

 authentication local pre-share

 keyring local My_key

 aaa authorization group psk list default default

 virtual-template 1

crypto ikev2 dpd 30 5 on-demand

 

crypto ipsec transform-set My_IKEv2 esp-gcm 256

 mode tunnel

 

crypto ipsec profile default

 set ikev2-profile My_IKEv2

 set transform-set My_IKEv2

 

crypto ikev2 proposal default

 no integrity

 encryption aes-gcm-256

 prf sha256

 group 20

 

interface Tunnel20

 ip address negotiated

 ip access-group TUNIN in

 ip access-group TUNOUT out

 ip mtu 1400

 ip nhrp network-id 10

 ip nhrp shortcut virtual-template 1

 ip nhrp redirect

 ip tcp adjust-mss 1352

 tunnel source fa8

 tunnel destination my_hub_ip_address

 tunnel protection ipsec profile default

 

 

interface Virtual-Template1 type tunnel

 ip unnumbered fa8

 ip access-group TUNIN in

 ip access-group TUNOUT out

 ip mtu 1400

 ip nhrp network-id 10

 ip nhrp shortcut virtual-template 1

 ip nhrp redirect

 ip tcp adjust-mss 1352

 tunnel protection ipsec profile default ikev2-profile My_IKEv2

 

router eigrp 1

 network 10.67.0.0 0.0.255.255

 passive-interface default

 no passive-interface Tunnel20

 no passive-interface Virtual-Template1

 

spoke1#show crypto ikev2 sa

 IPv4 Crypto IKEv2  SA

 

Tunnel-id Local                 Remote                fvrf/ivrf            Status

1         spoke1_ip/500   hub_ip/500     none/none            READY

      Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK

      Life/Active Time: 86400/395 sec

 

Tunnel-id Local                 Remote                fvrf/ivrf            Status

2         spoke1_ip/500   spoke2_ip/500      none/none            READY

      Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK

      Life/Active Time: 86400/8 sec

 

 

 

 

spoke2#sh crypto ikev2 sa

 IPv4 Crypto IKEv2  SA

 

Tunnel-id Local                 Remote                fvrf/ivrf            Status

3         spoke2_ip/500      spoke1_ip/500   none/none            DELETE

      Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK

      Life/Active Time: 300/117 sec

 

Tunnel-id Local                 Remote                fvrf/ivrf            Status

1         spoke2_ip/500      hub_ip/500     none/none            READY

      Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK

      Life/Active Time: 86400/323 sec

 

 IPv6 Crypto IKEv2  SA

 

 

 

debug spoke1:

000070: May 14 03:25:03.862 EET: IKEv2:(SESSION ID = 8,SA ID = 2):Building packet for encryption.

000071: May 14 03:25:03 EET: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down

000072: May 14 03:25:30 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down

000073: May 14 03:25:30.609 EET: IKEv2-ERROR:%Invalid msg context handle

 

000074: May 14 03:25:30.613 EET: IPSEC(crypto_ipsec_kmi_send_message): Invalid KMI msg id: 13

000075: May 14 03:25:30.613 EET: IPSEC(crypto_ipsec_send_ready): Couldn't send KMI message

000076: May 14 03:25:30.613 EET: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb

000077: May 14 03:25:30.613 EET: IPSEC: Expand action denied, discard or forward packet.

000078: May 14 03:25:30.613 EET: IPSEC: Expand action denied, notify RP

000079: May 14 03:25:30.613 EET: IPSEC: Expand action denied, discard or forward packet.

000080: May 14 03:25:30.613 EET: IPSEC: Expand action denied, discard or forward packet.

000081: May 14 03:25:32.597 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Retransmitting packet

 

000082: May 14 03:25:32.597 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]

Initiator SPI : 9228A8F046534DA5 - Responder SPI : 38DBC6DE3E92DD9B Message id: 2

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

000083: May 14 03:25:36.213 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Retransmitting packet

 

000084: May 14 03:25:36.213 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]

Initiator SPI : 9228A8F046534DA5 - Responder SPI : 38DBC6DE3E92DD9B Message id: 2

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

 

 

 

debug spoke2:

 

000063: May 14 03:19:20 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

000064: May 14 03:19:21 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

000065: May 14 03:19:21 EET: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Virtual-Access1 (incomplete) - looped chain attempting to stack

000066: May 14 03:19:30 EET: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing

000067: May 14 03:19:30 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

000068: May 14 03:19:30 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

000069: May 14 03:23:20 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

000070: May 14 03:23:20 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

000071: May 14 03:23:20 EET: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Virtual-Access1 (incomplete) - looped chain attempting to stack

000072: May 14 03:23:30 EET: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing

000073: May 14 03:23:30 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

000074: May 14 03:23:30 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

000075: May 14 03:24:51 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

000076: May 14 03:24:51.938 EET: IKEv2-ERROR:%Invalid msg context handle

 

000077: May 14 03:24:51.938 EET: IPSEC(crypto_ipsec_kmi_send_message): Invalid KMI msg id: 13

000078: May 14 03:24:51.938 EET: IPSEC(crypto_ipsec_send_ready): Couldn't send KMI message

000079: May 14 03:24:51.942 EET: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb

000080: May 14 03:24:51.942 EET: IPSEC: Expand action denied, discard or forward packet.

000081: May 14 03:24:51.942 EET: IPSEC: Expand action denied, notify RP

000082: May 14 03:24:51.942 EET: IPSEC: Expand action denied, discard or forward packet.

000083: May 14 03:24:51.942 EET: IPSEC: Expand action denied, discard or forward packet.

000084: May 14 03:24:53.982 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Retransmitting packet

 

000085: May 14 03:24:53.982 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Sending Packet [To spoke1_ip:500/From spoke2_ip:500/VRF i0:f0]

Initiator SPI : F99EEE1B05876B31 - Responder SPI : E5DA75C2842D003C Message id: 2

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

000086: May 14 03:24:57.726 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Retransmitting packet

 

000087: May 14 03:24:57.726 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Sending Packet [To spoke1_ip:500/From spoke2_ip:500/VRF i0:f0]

Initiator SPI : F99EEE1B05876B31 - Responder SPI : E5DA75C2842D003C Message id: 2

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

000088: May 14 03:25:01 EET: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing

000089: May 14 03:25:01 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

000090: May 14 03:25:01.922 EET: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= spoke2_ip, sa_proto= 50,

    sa_spi= 0xDD0E58B0(3708704944),

    sa_trans= esp-gcm 256 , sa_conn_id= 1014

    sa_lifetime(k/sec)= (4608000/3600),

  (identity) local= spoke2_ip:0, remote= spoke1_ip:0,

    local_proxy= spoke2_ip/255.255.255.255/47/0,

    remote_proxy= spoke1_ip/255.255.255.255/47/0

000091: May 14 03:25:01.922 EET: IPSEC(delete_sa): SA found saving DEL kmi

000092: May 14 03:25:01.922 EET: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= spoke1_ip, sa_proto= 50,

    sa_spi= 0xFAC73C11(4207361041),

    sa_trans= esp-gcm 256 , sa_conn_id= 1013

    sa_lifetime(k/sec)= (4608000/3600)

000093: May 14 03:25:01 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

000094: May 14 03:25:03.887 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Retransmitting packet

 

000095: May 14 03:25:03.887 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Sending Packet [To spoke1_ip:500/From spoke2_ip:500/VRF i0:f0]

Initiator SPI : F99EEE1B05876B31 - Responder SPI : E5DA75C2842D003C Message id: 3

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

 

000096: May 14 03:25:30.656 EET: IKEv2:Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]

Initiator SPI : 9228A8F046534DA5 - Responder SPI : 0000000000000000 Message id: 0

IKEv2 IKE_SA_INIT Exchange REQUEST

Payload contents:

 SA KE N VID

 

000097: May 14 03:25:42.517 EET: IKEv2:(SESSION ID = 8,SA ID = 2):Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]

Initiator SPI : 9228A8F046534DA5 - Responder SPI : 38DBC6DE3E92DD9B Message id: 4

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 DELETE NOTIFY(DELETE_REASON)

 

000098: May 14 03:25:42.517 EET: IKEv2:(SESSION ID = 8,SA ID = 2):

000099: May 14 03:25:42 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

3 Replies

Hi,

You've got a routing loop: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing

 

You'll learn the routes via the hub, so remove "no passive-interface Virtual-Template1" and try again.


HTH

I disabled EIGRP on passive-interface Virtual-Template1 in my hub. The trouble still exists.

 

router eigrp 1

network 10.67.0.0 0.0.255.255

passive-interface default

no passive-interface Loopback1

 

There aren't any log messages on my hub when I try to ping one spoke from the other.

 

hub#show debugging

EIGRP:

  Route Event debugging is on

EIGRP-IPv4: Address-Family:

  Route Event debugging is on

IKEV2:

  IKEv2 error debugging is on

  IKEv2 default debugging is on

 

 

Spoke1:

Spoke1#show debugging

EIGRP:

  Packet debugging is on

  Route Event debugging is on

EIGRP-IPv4: Address-Family:

  Route Event debugging is on

IKEV2:

  IKEv2 error debugging is on

  IKEv2 default debugging is on

Cryptographic Subsystem:

  Crypto IPSEC debugging is on

  Crypto IPSEC Error debugging is on

 

Spoke2:

Spoke2#show debugging

EIGRP:

  Packet debugging is on

  Route Event debugging is on

EIGRP-IPv4: Address-Family:

  Route Event debugging is on

IKEV2:

  IKEv2 error debugging is on

  IKEv2 default debugging is on

Cryptographic Subsystem:

  Crypto IPSEC debugging is on

  Crypto IPSEC Error debugging is on

 

 

Spoke1 log:

012701: May 14 16:32:13.953 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012702: May 14 16:32:15.005 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012703: May 14 16:32:15.005 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012704: May 14 16:32:18.829 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012705: May 14 16:32:18.829 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012706: May 14 16:32:19.709 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012707: May 14 16:32:19.709 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012708: May 14 16:32:21 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down

012709: May 14 16:32:21.973 EET: IKEv2-ERROR:%Invalid msg context handle

 

012710: May 14 16:32:21.977 EET: IPSEC(crypto_ipsec_kmi_send_message): Invalid KMI msg id: 13

012711: May 14 16:32:21.977 EET: IPSEC(crypto_ipsec_send_ready): Couldn't send KMI message

012712: May 14 16:32:21.977 EET: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb

012713: May 14 16:32:21.977 EET: IPSEC: Expand action denied, discard or forward packet.

012714: May 14 16:32:21.977 EET: IPSEC: Expand action denied, notify RP

012715: May 14 16:32:21.977 EET: IPSEC: Expand action denied, discard or forward packet.

012716: May 14 16:32:21.977 EET: IPSEC: Expand action denied, discard or forward packet.

012717: May 14 16:32:23.425 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012718: May 14 16:32:23.425 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012719: May 14 16:32:24.013 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Retransmitting packet

 

012720: May 14 16:32:24.013 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]

Initiator SPI : 584162B685FD3660 - Responder SPI : 5F758222BB7B3F31 Message id: 2

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

012721: May 14 16:32:27.853 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012722: May 14 16:32:27.853 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012723: May 14 16:32:27.953 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Retransmitting packet

 

012724: May 14 16:32:27.953 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]

 

012725: May 14 16:32:28.685 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012726: May 14 16:32:28.685 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012727: May 14 16:32:31 EET: %TUN-5-RECURDOWN: Virtual-Access3 temporarily disabled due to recursive routing

012728: May 14 16:32:31 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down

012729: May 14 16:32:31.969 EET: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= spoke1_ip, sa_proto= 50,

    sa_spi= 0x31A70158(833028440),

    sa_trans= esp-gcm 256 , sa_conn_id= 1406

    sa_lifetime(k/sec)= (4608000/3600),

  (identity) local= spoke1_ip:0, remote= spoke2_ip:0,

    local_proxy= spoke1_ip/255.255.255.255/47/0,

    remote_proxy= spoke2_ip/255.255.255.255/47/0

012730: May 14 16:32:31.969 EET: IPSEC(delete_sa): SA found saving DEL kmi

012731: May 14 16:32:31.969 EET: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= spoke2_ip, sa_proto= 50,

    sa_spi= 0x557FBC1B(1434434587),

    sa_trans= esp-gcm 256 , sa_conn_id= 1405

    sa_lifetime(k/sec)= (4608000/3600)

012732: May 14 16:32:31 EET: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down

012733: May 14 16:32:33.349 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012734: May 14 16:32:33.349 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012735: May 14 16:32:33.805 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Retransmitting packet

 

012736: May 14 16:32:33.805 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]

Initiator SPI : 584162B685FD3660 - Responder SPI : 5F758222BB7B3F31 Message id: 3

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 ENCR

 

012737: May 14 16:32:37.126 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012738: May 14 16:32:37.126 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012739: May 14 16:32:37.902 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012740: May 14 16:32:37.902 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012741: May 14 16:32:42.002 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012742: May 14 16:32:42.002 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012743: May 14 16:32:42.350 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012744: May 14 16:32:42.350 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012745: May 14 16:32:46.858 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012746: May 14 16:32:46.858 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012747: May 14 16:32:46.982 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

 

Spoke2 log:

 

012703: May 14 16:32:12.105 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012704: May 14 16:32:12.105 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012705: May 14 16:32:12.769 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012706: May 14 16:32:12.769 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012707: May 14 16:32:16.982 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012708: May 14 16:32:16.982 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012709: May 14 16:32:17.326 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012710: May 14 16:32:17.326 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012711: May 14 16:32:21.714 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012712: May 14 16:32:21.714 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

 

012713: May 14 16:32:21.986 EET: IKEv2:Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]

Initiator SPI : 584162B685FD3660 - Responder SPI : 0000000000000000 Message id: 0

IKEv2 IKE_SA_INIT Exchange REQUEST

012714: May 14 16:32:26.038 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012715: May 14 16:32:26.038 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012716: May 14 16:32:27.086 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012717: May 14 16:32:27.086 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012718: May 14 16:32:30.822 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012719: May 14 16:32:30.822 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012720: May 14 16:32:31.662 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012721: May 14 16:32:31.662 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

 

012722: May 14 16:32:33.810 EET: IKEv2:(SESSION ID = 190,SA ID = 2):Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]

Initiator SPI : 584162B685FD3660 - Responder SPI : 5F758222BB7B3F31 Message id: 3

IKEv2 INFORMATIONAL Exchange REQUEST

Payload contents:

 DELETE

 

012723: May 14 16:32:33.810 EET: IKEv2:(SESSION ID = 190,SA ID = 2):Building packet for encryption.

012724: May 14 16:32:35.666 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012725: May 14 16:32:35.666 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012726: May 14 16:32:36.558 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012727: May 14 16:32:36.558 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012728: May 14 16:32:40.447 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012729: May 14 16:32:40.451 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012730: May 14 16:32:41.547 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012731: May 14 16:32:41.547 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012732: May 14 16:32:44.883 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

012733: May 14 16:32:44.883 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

012734: May 14 16:32:45.839 EET: EIGRP: Sending HELLO on Tu20 - paklen 20

012735: May 14 16:32:45.839 EET:   AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

012736: May 14 16:32:49.427 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2

 

If you require any further information, feel free to contact me.

This trouble has been resolved! I changed the unnumbered interface on my spokes:

 

interface Virtual-Template1 type tunnel

 ip unnumbered Tunnel10
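
A config check for the condition this thread ends on, as an added example that is not part of the original posts: it flags a Virtual-Template whose `ip unnumbered` points at the same interface a tunnel uses as `tunnel source`, which is what both spokes had before the fix. The function names and the reduced sample configs are constructed here, and the rule itself is an assumption inferred from the posted fix and the `%TUN-5-RECURDOWN` messages, not taken from vendor documentation.

```python
import re

# Constructed sample: the spoke interface stanzas posted in the thread,
# reduced to the lines this check reads.
SPOKE_AS_POSTED = """\
interface Tunnel20
 ip address negotiated
 tunnel source di0
 tunnel destination my_hub_ip_address
 tunnel protection ipsec profile default
!
interface Virtual-Template1 type tunnel
 ip unnumbered di0
 ip nhrp shortcut virtual-template 1
 tunnel protection ipsec profile default ikev2-profile My_IKEv2
"""
# The same stanzas with the line from the posted fix, quoted as posted.
SPOKE_AFTER_FIX = SPOKE_AS_POSTED.replace("ip unnumbered di0",
                                          "ip unnumbered Tunnel10")


def split_name(name):
    """Split 'di0' / 'Dialer0' into a lowercase type prefix and a unit number."""
    m = re.match(r"([A-Za-z-]+)\s*([\d/.:]+)$", name.strip())
    return (m.group(1).lower(), m.group(2)) if m else (name.lower(), "")


def same_interface(a, b):
    """True when two names can denote one interface (IOS accepts abbreviations)."""
    (pa, na), (pb, nb) = split_name(a), split_name(b)
    return na == nb and (pa.startswith(pb) or pb.startswith(pa))


def parse_interfaces(config):
    """Map each interface to its 'ip unnumbered' and 'tunnel source' targets."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if not line.strip():            # pasted configs are often double-spaced
            continue
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), {})
        elif not line[0].isspace():     # any other top-level line ends the stanza
            current = None
        elif current is not None:
            m = re.match(r"\s+(ip unnumbered|tunnel source)\s+(\S+)", line)
            if m:
                current[m.group(1)] = m.group(2)
    return interfaces


def find_unnumbered_to_tunnel_source(config):
    """Return (virtual_template, unnumbered_target, tunnel) for each clash."""
    interfaces = parse_interfaces(config)
    sources = [(name, attrs["tunnel source"])
               for name, attrs in interfaces.items() if "tunnel source" in attrs]
    findings = []
    for name, attrs in interfaces.items():
        target = attrs.get("ip unnumbered")
        if target is None or not name.lower().startswith("virtual-template"):
            continue
        findings += [(name, target, tunnel) for tunnel, source in sources
                     if same_interface(target, source)]
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", SPOKE_AS_POSTED), ("after fix", SPOKE_AFTER_FIX)):
        print(label, find_unnumbered_to_tunnel_source(cfg))
```

A hit is a prompt to review how the tunnel endpoint address is routed, not proof of a loop; the hub stanza in this thread (`ip unnumbered lo1`, no `tunnel source`) produces no finding.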