Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
607
Views
0
Helpful
2
Replies

Main DMVPN tunnel randomly stops working

Mike Buyarski
Participant
Participant

‎08-15-2017 06:55 AM - edited ‎02-21-2020 09:24 PM

We have many routers that are running dmvpn connections back to corporate office. these spoke routers all have a few dmvpn tunnels. tunnels goes as follows: Main(tunnel0), Backup(tunnel1), Cellular backup(tunnel2). I have found that randomly the main tunnel will lose connection and not be able to reconnect. the debugs indicate key mismatch. But with out changing the key I can restart the spoke and then all the tunnels will connect just fine. And I must stress that the only way I have found to get the main tunnel to connect is to restart the router. nothing else I have found will get it to connect.

I have tried shutting and no shutting the tunnel.

I have tried removing and re adding the cryptp isakmp key then reseting the tunnel.

I have tried adjusting the isakmp key by removing the subnet mask from it. second to that I removes a mask from one and left others

here is the isakmp keys. note address2 and address0 are on the same subnet different IP and different hub routers. the keys are different between the 3.

crypto isakmp key "key2" address "address2"    no-xauth
crypto isakmp key "key0" address "address0"    255.255.255.248 no-xauth
crypto isakmp key "key1" address "address1"   255.255.255.224 no-xauth

Here is the tunnels

interface Tunnel0
 bandwidth 512
 ip address "spoke IP0" 255.255.255.0
 no ip redirects
 ip nhrp authentication "pw0"
 ip nhrp map "hub ip0" "address0"
 ip nhrp map multicast "address0"
 ip nhrp network-id 1
 ip nhrp nhs "hub ip0"
 zone-member security inside
 nhrp group 3MB
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 50
 tunnel protection ipsec profile net1 shared
!
interface Tunnel1
 bandwidth 256
 ip address "spoke IP1" 255.255.255.0
 no ip redirects
 ip nhrp authentication "pw1"
 ip nhrp map multicast "address1"
 ip nhrp map "hub IP1" "address1"
 ip nhrp network-id 10
 ip nhrp nhs "hub IP1"
 zone-member security inside
 nhrp group 3MB
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile net1 shared
!
interface Tunnel2
 bandwidth 128
 ip address "spoke IP2" 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nhrp authentication "pw0"
 ip nhrp map multicast "address2"
 ip nhrp map "Hub IP2" "address2"
 ip nhrp network-id 1
 ip nhrp nhs "Hub IP2"
 zone-member security inside
 tunnel source Cellular0/3/0
 tunnel mode gre multipoint
 tunnel key 150
 tunnel protection ipsec profile net2 shared

the tunnels are basicly the same on many others router where there is no issues. the main difference is ios version. This routers version is 15.5(3)M2. Any thoughts on why this would be? of you need anything else please let me know.

Labels:
0 Helpful