Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
187
Views
0
Helpful
0
Replies

Help needed--Cannot ping the subnet attached to the hub from the spoke and vice versa

Bassam1972
Level 1
Level 1

‎02-15-2016 01:52 PM

Dear All,

   Recently, I started configuring DMVPN into my network as a failover link for my customers back to my datacenter to allow EIGRP multicast traffic to pass through, and unfortunately I couldn't make working 100% as I ran into a weird problem that I couldn't find a solution for it. The routers that I'm using are C2851 as the hub and C2811 as the spoke.

I did the required configurations as shown below and managed to make the DMVPN up and I can ping to all the interfaces (including the interface attached to my data center subnet) in the hub from the spoke , but I cannot go beyond the hub although my dynamic routes are all correct. The same thing happens when I ping from the subnet where the hub is attached to. I can ping to all the interfaces in the hub including the tunnel interface but cannot go beyond that to the spoke although all the dynamic routes are correct.

Trace route issued from at both sides (Spoke and the subnet where the Hub is attached) just stop in the hub and doesn't go beyond. I thought there is a problem related to my physical network and thus I decided to implement the same topology on GNS3 and I'm still facing the same problem.

The topology is

The Hub configuration is:

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile DMVPN
set transform-set ESP-3DES-SHA
!
interface Tunnel0
ip address 172.28.1.1 255.255.255.0
no ip redirects
ip mtu 1416
ip hold-time eigrp 10 35
no ip next-hop-self eigrp 10
no ip split-horizon eigrp 10
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source 64.129.50.9
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
!
interface Ethernet0/0
ip address 64.129.50.9 255.255.255.0
!
interface Ethernet0/1
ip address 10.0.50.254 255.255.0.0
!
router eigrp 10
network 10.0.0.0 0.0.255.255
network 172.28.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 64.129.50.1

The Spoke configuration is:

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile DMVPN
set transform-set ESP-3DES-SHA
!
interface Loopback0
ip address 10.31.1.42 255.255.255.255
!
interface Tunnel0
ip address 172.28.1.42 255.255.255.0
ip mtu 1416
ip hold-time eigrp 10 35
no ip next-hop-self eigrp 10
no ip split-horizon eigrp 10
ip nhrp map 172.28.1.1 64.129.50.9
ip nhrp map multicast 64.129.50.9
ip nhrp network-id 10
ip nhrp nhs 172.28.1.1
no ip split-horizon
tunnel source Ethernet0/0
tunnel destination 64.129.50.9
tunnel protection ipsec profile DMVPN
!
interface Ethernet0/0
ip address dhcp
!
interface Ethernet0/1
ip address 172.29.11.1 255.255.255.0
!
router eigrp 10
network 0.0.0.0
!
ip route 0.0.0.0 0.0.0.0 192.168.70.1

Routing table on the Hub:

Gateway of last resort is 64.129.50.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 64.129.50.1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.0.0.0/16 is directly connected, Ethernet0/1
L 10.0.50.254/32 is directly connected, Ethernet0/1
D 10.31.1.42/32 [90/27008000] via 172.28.1.42, 00:53:00, Tunnel0
64.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 64.129.50.0/24 is directly connected, Ethernet0/0
L 64.129.50.9/32 is directly connected, Ethernet0/0
172.28.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.28.1.0/24 is directly connected, Tunnel0
L 172.28.1.1/32 is directly connected, Tunnel0
172.29.0.0/24 is subnetted, 1 subnets
D 172.29.11.0 [90/26905600] via 172.28.1.42, 00:53:00, Tunnel0
D 192.168.70.0/24 [90/26905600] via 172.28.1.42, 00:53:00, Tunnel0

Routing table on the Spoke:

Gateway of last resort is 192.168.70.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.70.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 10.0.0.0/16 [90/26905600] via 172.28.1.1, 00:54:23, Tunnel0
C 10.31.1.42/32 is directly connected, Loopback0
172.28.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.28.1.0/24 is directly connected, Tunnel0
L 172.28.1.42/32 is directly connected, Tunnel0
172.29.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.29.11.0/24 is directly connected, Ethernet0/1
L 172.29.11.1/32 is directly connected, Ethernet0/1
192.168.70.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.70.0/24 is directly connected, Ethernet0/0
L 192.168.70.104/32 is directly connected, Ethernet0/0

Routing table on the Gateway router:

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.0.0.0/16 is directly connected, Ethernet0/1
L 10.0.0.254/32 is directly connected, Ethernet0/1
D 10.31.1.42/32 [90/27033600] via 10.0.50.254, 00:55:49, Ethernet0/1
172.28.0.0/24 is subnetted, 1 subnets
D 172.28.1.0 [90/26905600] via 10.0.50.254, 03:54:56, Ethernet0/1
172.29.0.0/24 is subnetted, 1 subnets
D 172.29.11.0 [90/26931200] via 10.0.50.254, 00:55:49, Ethernet0/1
D 192.168.70.0/24 [90/26931200] via 10.0.50.254, 00:55:49, Ethernet0/1

you help is much appreciated

Regards,

Bassam

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents