cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1834
Views
0
Helpful
9
Replies

IPSEC Routing Issue

roharris33
Level 1
Level 1

I apologize if this is posted in the wrong location. I'm standing up an IPSEC tunnel between two sites. Eventually all sites will use the head end as a backup connection. The tunnel establishes but I'm not seeing an OSPF adjacency nor can I ping the IP of the tunnel on either side. I see that the head end is receiving packets but isn't responding. The route for the far end IP appears to be correct on the head end. I don't see anything else wrong, no errors. Any ideas?

1 Accepted Solution

Accepted Solutions

Shutdown tunnel interface, remove tunnel destination and add "tunnel mode gre multipoint", no shut tunnel interface

You've also got different tunnel keys, remove the key you shouldn't need it in your scenario.

View solution in original post

9 Replies 9

Hi,

On the farend router you should modify the configuration as follows:-

 

interface tunnel 1

no tunnel destination

tunnel mode gre multipoint

 

You may also want to add "ip ospf hello-interval 30" on each router's tunnel interface.

 

HTH

I made the changes.....same result as before.

Upload "show dmvpn" and "show ip ospf neig" from both routers.

Interesting as you can see on the head end there isn't any dmvpn information. But the far end shows peer information.

 

Headend:

headvpn.PNG

 

Farend:

farvpn.PNG

Can you post your updated configuration please

I have a duplicate thread. Made a rookie mistake posting in two different places. Here is the link to the other thread. Updated configs are attached.

 

https://community.cisco.com/t5/routing/routing-over-gre-ipsec-tunnel/m-p/3785459#M308139

Adding the headend config

Shutdown tunnel interface, remove tunnel destination and add "tunnel mode gre multipoint", no shut tunnel interface

You've also got different tunnel keys, remove the key you shouldn't need it in your scenario.

tunnel mode gre multipoint was already configured but I did remove the key on both ends and now I have an OSPF adjancy. Thank you very much.

Farend tunnel config:
interface Tunnel1
bandwidth 20000
ip address 10.192.0.254 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication VCbh1q93
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp redirect
ip policy route-map VPN-Internal
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 2
ip ospf mtu-ignore
delay 1000
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel protection ipsec profile vpnprof


Head end tunnel config:
interface Tunnel1
bandwidth 20000
ip address 10.192.0.17 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication VCbh1q93
ip nhrp map 10.192.0.254 111.111.111..237
ip nhrp map multicast 111.111.111.237
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.192.0.254
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 2
delay 1000
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel protection ipsec profile vpnprof

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: