Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
0
Helpful
2
Replies

flexvpn, no traffic through hub if there is no connection between spokes. bug or by design?

dm
Level 1
Level 1

‎08-01-2014 12:46 AM - edited ‎02-21-2020 07:45 PM

Hello!

 

I'm testing flexvpn environment.

As I heard dmvpn provides traffic through hub if connection between spokes is not possible for some reason (let's say routing problems).

 

So I created:

 

hub with address 192.168.42.150

spoke - 192.168.42.151, announce 192.168.1.1

and spoke2 - 192.168.42.150,  192.168.2.1

 

Everything is OK, spokes build virtual-access to each other :-)

But if I deny access from spoke to spoke by access-list with deny of 192.168.42.151 on spoke2 ,

then first several packets pass through hub and then stops.

Routing shows that packets should go to hub, I can ping both spokes (192.168.1.1 and 1.2) from hub, but not each other.

Even if I remove access-list it doesn't help until spoke with access list reload.

 

Is this expected or... ?

 

Thank you!

 

 

 

Labels:
0 Helpful
2 Replies 2

dm
Level 1
Level 1

‎08-01-2014 12:57 AM

btw, what is more interesting- I see virtual-access interfaces on spokes with source and destination addresses of spokes, but (!) there is no ike2 between them , so traffic shall not pass (c) ;-)

 

0 Helpful

dm
Level 1
Level 1
In response to dm

‎08-01-2014 03:33 AM

OK,

clear ip nhrp shortcut

on both spokes

solves problem, i.e. I can ping one spoke through hub after I apply access-list.

But after some timeout it doesn't work again.

How can I avoid this behaviour?

There is no real tunnel, but router send traffic into it...

 

Thank you!

0 Helpful
Customers Also Viewed These Support Documents