05-13-2020 05:32 PM - edited 05-13-2020 05:44 PM
There is a hub router and a few spokes routers in my network. The spokes work well with the hub but cannot set up tunnel between them from virtual-template.
HUB:
aaa new-model
aaa authorization network default local
aaa session-id common
crypto isakmp invalid-spi-recovery
crypto ikev2 fragmentation
crypto ikev2 authorization policy default
pool Spokes
route set interface
crypto ikev2 keyring My_key
peer Spokes
address 0.0.0.0 0.0.0.0
pre-shared-key local my_key
pre-shared-key remote my_key
crypto ikev2 profile My_IKEv2
match identity remote address 0.0.0.0
authentication remote pre-share
authentication local pre-share
keyring local My_key
aaa authorization group psk list default default
virtual-template 1
crypto ikev2 dpd 30 5 on-demand
crypto ipsec transform-set My_IKEv2 esp-gcm 256
mode tunnel
crypto ipsec profile default
set ikev2-profile My_IKEv2
set transform-set My_IKEv2
crypto ikev2 proposal default
no integrity
encryption aes-gcm-256
prf sha256
group 20
interface Loopback1
ip address 10.67.0.1 255.255.255.255
interface Virtual-Template1 type tunnel
ip mtu 1400
ip unnumbered lo1
ip nhrp network-id 10
ip nhrp redirect
ip tcp adjust-mss 1352
tunnel protection ipsec profile default
ip local pool Spokes 10.67.4.1 10.67.7.254
router eigrp 1
network 10.67.0.0 0.0.255.255
no passive-interface Loopback1
no passive-interface Virtual-Template1
Spoke1:
aaa new-model
aaa authorization network default local
aaa session-id common
crypto isakmp invalid-spi-recovery
crypto ikev2 fragmentation
crypto ikev2 keyring My_key
peer Spokes
address 0.0.0.0 0.0.0.0
pre-shared-key local my_key
pre-shared-key remote my_key
crypto ikev2 profile My_IKEv2
match identity remote address 0.0.0.0
authentication remote pre-share
authentication local pre-share
keyring local My_key
aaa authorization group psk list default default
virtual-template 1
crypto ikev2 dpd 30 5 on-demand
crypto ipsec transform-set My_IKEv2 esp-gcm 256
mode tunnel
crypto ipsec profile default
set ikev2-profile My_IKEv2
set transform-set My_IKEv2
crypto ikev2 proposal default
no integrity
encryption aes-gcm-256
prf sha256
group 20
interface Tunnel20
ip address negotiated
ip access-group TUNIN in
ip access-group TUNOUT out
ip mtu 1400
ip nhrp network-id 10
ip nhrp shortcut virtual-template 1
ip nhrp redirect
ip tcp adjust-mss 1352
tunnel source di0
tunnel destination my_hub_ip_address
tunnel protection ipsec profile default
interface Virtual-Template1 type tunnel
ip unnumbered di0
ip access-group TUNIN in
ip access-group TUNOUT out
ip mtu 1400
ip nhrp network-id 10
ip nhrp shortcut virtual-template 1
ip nhrp redirect
ip tcp adjust-mss 1352
tunnel protection ipsec profile default ikev2-profile My_IKEv2
router eigrp 1
network 10.67.0.0 0.0.255.255
passive-interface default
no passive-interface Tunnel20
no passive-interface Virtual-Template1
Spoke2:
aaa new-model
aaa authorization network default local
aaa session-id common
crypto isakmp invalid-spi-recovery
crypto ikev2 fragmentation
crypto ikev2 keyring My_key
peer Spokes
address 0.0.0.0 0.0.0.0
pre-shared-key local my_key
pre-shared-key remote my_key
crypto ikev2 profile My_IKEv2
match identity remote address 0.0.0.0
authentication remote pre-share
authentication local pre-share
keyring local My_key
aaa authorization group psk list default default
virtual-template 1
crypto ikev2 dpd 30 5 on-demand
crypto ipsec transform-set My_IKEv2 esp-gcm 256
mode tunnel
crypto ipsec profile default
set ikev2-profile My_IKEv2
set transform-set My_IKEv2
crypto ikev2 proposal default
no integrity
encryption aes-gcm-256
prf sha256
group 20
interface Tunnel20
ip address negotiated
ip access-group TUNIN in
ip access-group TUNOUT out
ip mtu 1400
ip nhrp network-id 10
ip nhrp shortcut virtual-template 1
ip nhrp redirect
ip tcp adjust-mss 1352
tunnel source fa8
tunnel destination my_hub_ip_address
tunnel protection ipsec profile default
interface Virtual-Template1 type tunnel
ip unnumbered fa8
ip access-group TUNIN in
ip access-group TUNOUT out
ip mtu 1400
ip nhrp network-id 10
ip nhrp shortcut virtual-template 1
ip nhrp redirect
ip tcp adjust-mss 1352
tunnel protection ipsec profile default ikev2-profile My_IKEv2
router eigrp 1
network 10.67.0.0 0.0.255.255
passive-interface default
no passive-interface Tunnel20
no passive-interface Virtual-Template1
spoke1#show crypto ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 spoke1_ip/500 hub_ip/500 none/none READY
Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/395 sec
Tunnel-id Local Remote fvrf/ivrf Status
2 spoke1_ip/500 spoke2_ip/500 none/none READY
Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/8 sec
spoke2#sh crypto ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
3 spoke2_ip/500 spoke1_ip/500 none/none DELETE
Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 300/117 sec
Tunnel-id Local Remote fvrf/ivrf Status
1 spoke2_ip/500 hub_ip/500 none/none READY
Encr: AES-GCM, keysize: 256, PRF: SHA256, Hash: None, DH Grp:20, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/323 sec
IPv6 Crypto IKEv2 SA
debug spoke1:
000070: May 14 03:25:03.862 EET: IKEv2:(SESSION ID = 8,SA ID = 2):Building packet for encryption.
000071: May 14 03:25:03 EET: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
000072: May 14 03:25:30 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
000073: May 14 03:25:30.609 EET: IKEv2-ERROR:%Invalid msg context handle
000074: May 14 03:25:30.613 EET: IPSEC(crypto_ipsec_kmi_send_message): Invalid KMI msg id: 13
000075: May 14 03:25:30.613 EET: IPSEC(crypto_ipsec_send_ready): Couldn't send KMI message
000076: May 14 03:25:30.613 EET: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb
000077: May 14 03:25:30.613 EET: IPSEC: Expand action denied, discard or forward packet.
000078: May 14 03:25:30.613 EET: IPSEC: Expand action denied, notify RP
000079: May 14 03:25:30.613 EET: IPSEC: Expand action denied, discard or forward packet.
000080: May 14 03:25:30.613 EET: IPSEC: Expand action denied, discard or forward packet.
000081: May 14 03:25:32.597 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Retransmitting packet
000082: May 14 03:25:32.597 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]
Initiator SPI : 9228A8F046534DA5 - Responder SPI : 38DBC6DE3E92DD9B Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
000083: May 14 03:25:36.213 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Retransmitting packet
000084: May 14 03:25:36.213 EET: IKEv2:(SESSION ID = 9,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]
Initiator SPI : 9228A8F046534DA5 - Responder SPI : 38DBC6DE3E92DD9B Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
debug spoke2:
000063: May 14 03:19:20 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
000064: May 14 03:19:21 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
000065: May 14 03:19:21 EET: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Virtual-Access1 (incomplete) - looped chain attempting to stack
000066: May 14 03:19:30 EET: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing
000067: May 14 03:19:30 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
000068: May 14 03:19:30 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
000069: May 14 03:23:20 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
000070: May 14 03:23:20 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
000071: May 14 03:23:20 EET: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Virtual-Access1 (incomplete) - looped chain attempting to stack
000072: May 14 03:23:30 EET: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing
000073: May 14 03:23:30 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
000074: May 14 03:23:30 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
000075: May 14 03:24:51 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
000076: May 14 03:24:51.938 EET: IKEv2-ERROR:%Invalid msg context handle
000077: May 14 03:24:51.938 EET: IPSEC(crypto_ipsec_kmi_send_message): Invalid KMI msg id: 13
000078: May 14 03:24:51.938 EET: IPSEC(crypto_ipsec_send_ready): Couldn't send KMI message
000079: May 14 03:24:51.942 EET: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb
000080: May 14 03:24:51.942 EET: IPSEC: Expand action denied, discard or forward packet.
000081: May 14 03:24:51.942 EET: IPSEC: Expand action denied, notify RP
000082: May 14 03:24:51.942 EET: IPSEC: Expand action denied, discard or forward packet.
000083: May 14 03:24:51.942 EET: IPSEC: Expand action denied, discard or forward packet.
000084: May 14 03:24:53.982 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Retransmitting packet
000085: May 14 03:24:53.982 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Sending Packet [To spoke1_ip:500/From spoke2_ip:500/VRF i0:f0]
Initiator SPI : F99EEE1B05876B31 - Responder SPI : E5DA75C2842D003C Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
000086: May 14 03:24:57.726 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Retransmitting packet
000087: May 14 03:24:57.726 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Sending Packet [To spoke1_ip:500/From spoke2_ip:500/VRF i0:f0]
Initiator SPI : F99EEE1B05876B31 - Responder SPI : E5DA75C2842D003C Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
000088: May 14 03:25:01 EET: %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing
000089: May 14 03:25:01 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
000090: May 14 03:25:01.922 EET: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= spoke2_ip, sa_proto= 50,
sa_spi= 0xDD0E58B0(3708704944),
sa_trans= esp-gcm 256 , sa_conn_id= 1014
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= spoke2_ip:0, remote= spoke1_ip:0,
local_proxy= spoke2_ip/255.255.255.255/47/0,
remote_proxy= spoke1_ip/255.255.255.255/47/0
000091: May 14 03:25:01.922 EET: IPSEC(delete_sa): SA found saving DEL kmi
000092: May 14 03:25:01.922 EET: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= spoke1_ip, sa_proto= 50,
sa_spi= 0xFAC73C11(4207361041),
sa_trans= esp-gcm 256 , sa_conn_id= 1013
sa_lifetime(k/sec)= (4608000/3600)
000093: May 14 03:25:01 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
000094: May 14 03:25:03.887 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Retransmitting packet
000095: May 14 03:25:03.887 EET: IKEv2:(SESSION ID = 7,SA ID = 2):Sending Packet [To spoke1_ip:500/From spoke2_ip:500/VRF i0:f0]
Initiator SPI : F99EEE1B05876B31 - Responder SPI : E5DA75C2842D003C Message id: 3
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
000096: May 14 03:25:30.656 EET: IKEv2:Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]
Initiator SPI : 9228A8F046534DA5 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID
000097: May 14 03:25:42.517 EET: IKEv2:(SESSION ID = 8,SA ID = 2):Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]
Initiator SPI : 9228A8F046534DA5 - Responder SPI : 38DBC6DE3E92DD9B Message id: 4
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
DELETE NOTIFY(DELETE_REASON)
000098: May 14 03:25:42.517 EET: IKEv2:(SESSION ID = 8,SA ID = 2):
000099: May 14 03:25:42 EET: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Solved! Go to Solution.
05-14-2020 02:17 PM
This trouble has resolved! I changed in my spokes in unnumbered interface:
interface Virtual-Template1 type tunnel
ip unnumbered Tunnel10
05-14-2020 01:56 AM
Hi,
You've got a routing loop %TUN-5-RECURDOWN: Virtual-Access1 temporarily disabled due to recursive routing
You'll learn the routes via the hub, so remove "no passive-interface Virtual-Template1" and try again.
HTH
05-14-2020 06:43 AM
I disabled eigrp on passive-interface Virtual-Template1 in my hub. The trouble still exist.
router eigrp 1
network 10.67.0.0 0.0.255.255
passive-interface default
no passive-interface Loopback1
There aren’t log messages on my hub when I am trying to ping one spoke from other
hub#show debugging
EIGRP:
Route Event debugging is on
EIGRP-IPv4: Address-Family:
Route Event debugging is on
IKEV2:
IKEv2 error debugging is on
IKEv2 default debugging is on
Spoke1:
Spoke1#show debugging
EIGRP:
Packet debugging is on
Route Event debugging is on
EIGRP-IPv4: Address-Family:
Route Event debugging is on
IKEV2:
IKEv2 error debugging is on
IKEv2 default debugging is on
Cryptographic Subsystem:
Crypto IPSEC debugging is on
Crypto IPSEC Error debugging is on
Spoke2:
Spoke2#show debugging
EIGRP:
Packet debugging is on
Route Event debugging is on
EIGRP-IPv4: Address-Family:
Route Event debugging is on
IKEV2:
IKEv2 error debugging is on
IKEv2 default debugging is on
Cryptographic Subsystem:
Crypto IPSEC debugging is on
Crypto IPSEC Error debugging is on
Spoke1 log:
012701: May 14 16:32:13.953 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012702: May 14 16:32:15.005 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012703: May 14 16:32:15.005 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012704: May 14 16:32:18.829 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012705: May 14 16:32:18.829 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012706: May 14 16:32:19.709 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012707: May 14 16:32:19.709 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012708: May 14 16:32:21 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
012709: May 14 16:32:21.973 EET: IKEv2-ERROR:%Invalid msg context handle
012710: May 14 16:32:21.977 EET: IPSEC(crypto_ipsec_kmi_send_message): Invalid KMI msg id: 13
012711: May 14 16:32:21.977 EET: IPSEC(crypto_ipsec_send_ready): Couldn't send KMI message
012712: May 14 16:32:21.977 EET: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb
012713: May 14 16:32:21.977 EET: IPSEC: Expand action denied, discard or forward packet.
012714: May 14 16:32:21.977 EET: IPSEC: Expand action denied, notify RP
012715: May 14 16:32:21.977 EET: IPSEC: Expand action denied, discard or forward packet.
012716: May 14 16:32:21.977 EET: IPSEC: Expand action denied, discard or forward packet.
012717: May 14 16:32:23.425 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012718: May 14 16:32:23.425 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012719: May 14 16:32:24.013 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Retransmitting packet
012720: May 14 16:32:24.013 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]
Initiator SPI : 584162B685FD3660 - Responder SPI : 5F758222BB7B3F31 Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
012721: May 14 16:32:27.853 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012722: May 14 16:32:27.853 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012723: May 14 16:32:27.953 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Retransmitting packet
012724: May 14 16:32:27.953 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]
012725: May 14 16:32:28.685 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012726: May 14 16:32:28.685 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012727: May 14 16:32:31 EET: %TUN-5-RECURDOWN: Virtual-Access3 temporarily disabled due to recursive routing
012728: May 14 16:32:31 EET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
012729: May 14 16:32:31.969 EET: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= spoke1_ip, sa_proto= 50,
sa_spi= 0x31A70158(833028440),
sa_trans= esp-gcm 256 , sa_conn_id= 1406
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= spoke1_ip:0, remote= spoke2_ip:0,
local_proxy= spoke1_ip/255.255.255.255/47/0,
remote_proxy= spoke2_ip/255.255.255.255/47/0
012730: May 14 16:32:31.969 EET: IPSEC(delete_sa): SA found saving DEL kmi
012731: May 14 16:32:31.969 EET: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= spoke2_ip, sa_proto= 50,
sa_spi= 0x557FBC1B(1434434587),
sa_trans= esp-gcm 256 , sa_conn_id= 1405
sa_lifetime(k/sec)= (4608000/3600)
012732: May 14 16:32:31 EET: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
012733: May 14 16:32:33.349 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012734: May 14 16:32:33.349 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012735: May 14 16:32:33.805 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Retransmitting packet
012736: May 14 16:32:33.805 EET: IKEv2:(SESSION ID = 191,SA ID = 2):Sending Packet [To spoke2_ip:500/From spoke1_ip:500/VRF i0:f0]
Initiator SPI : 584162B685FD3660 - Responder SPI : 5F758222BB7B3F31 Message id: 3
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
ENCR
012737: May 14 16:32:37.126 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012738: May 14 16:32:37.126 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012739: May 14 16:32:37.902 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012740: May 14 16:32:37.902 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012741: May 14 16:32:42.002 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012742: May 14 16:32:42.002 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012743: May 14 16:32:42.350 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012744: May 14 16:32:42.350 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012745: May 14 16:32:46.858 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012746: May 14 16:32:46.858 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012747: May 14 16:32:46.982 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
Spoke2 log:
012703: May 14 16:32:12.105 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012704: May 14 16:32:12.105 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012705: May 14 16:32:12.769 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012706: May 14 16:32:12.769 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012707: May 14 16:32:16.982 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012708: May 14 16:32:16.982 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012709: May 14 16:32:17.326 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012710: May 14 16:32:17.326 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012711: May 14 16:32:21.714 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012712: May 14 16:32:21.714 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012713: May 14 16:32:21.986 EET: IKEv2:Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]
Initiator SPI : 584162B685FD3660 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
012714: May 14 16:32:26.038 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012715: May 14 16:32:26.038 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012716: May 14 16:32:27.086 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012717: May 14 16:32:27.086 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012718: May 14 16:32:30.822 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012719: May 14 16:32:30.822 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012720: May 14 16:32:31.662 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012721: May 14 16:32:31.662 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012722: May 14 16:32:33.810 EET: IKEv2:(SESSION ID = 190,SA ID = 2):Received Packet [From spoke1_ip:500/To spoke2_ip:500/VRF i0:f0]
Initiator SPI : 584162B685FD3660 - Responder SPI : 5F758222BB7B3F31 Message id: 3
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
DELETE
012723: May 14 16:32:33.810 EET: IKEv2:(SESSION ID = 190,SA ID = 2):Building packet for encryption.
012724: May 14 16:32:35.666 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012725: May 14 16:32:35.666 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012726: May 14 16:32:36.558 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012727: May 14 16:32:36.558 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012728: May 14 16:32:40.447 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012729: May 14 16:32:40.451 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012730: May 14 16:32:41.547 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012731: May 14 16:32:41.547 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012732: May 14 16:32:44.883 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
012733: May 14 16:32:44.883 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
012734: May 14 16:32:45.839 EET: EIGRP: Sending HELLO on Tu20 - paklen 20
012735: May 14 16:32:45.839 EET: AS 1, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
012736: May 14 16:32:49.427 EET: EIGRP: Received HELLO on Tu20 - paklen 20 nbr 10.67.0.2
If you require any further information, feel free to contact me.
05-14-2020 02:17 PM
This trouble has resolved! I changed in my spokes in unnumbered interface:
interface Virtual-Template1 type tunnel
ip unnumbered Tunnel10
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: