We have many routers that are running DMVPN connections back to the corporate office. These spoke routers all have a few DMVPN tunnels. The tunnels go as follows: Main (tunnel0), Backup (tunnel1), Cellular backup (tunnel2). I have found that randomly the main tunnel will lose connection and not be able to reconnect. The debugs indicate a key mismatch. But without changing the key I can restart the spoke and then all the tunnels will connect just fine. And I must stress that the only way I have found to get the main tunnel to connect is to restart the router. Nothing else I have found will get it to connect.
I have tried shutting and no shutting the tunnel.
I have tried removing and re-adding the crypto isakmp key, then resetting the tunnel.
I have tried adjusting the isakmp key by removing the subnet mask from it. Second to that, I removed a mask from one and left the others.
Here are the isakmp keys. Note address2 and address0 are on the same subnet, with different IPs and different hub routers. The keys are different between the 3.
interface Tunnel0
 bandwidth 512
 ip address "spoke IP0" 255.255.255.0
 no ip redirects
 ip nhrp authentication "pw0"
 ip nhrp map "hub ip0" "address0"
 ip nhrp map multicast "address0"
 ip nhrp network-id 1
 ip nhrp nhs "hub ip0"
 zone-member security inside
 nhrp group 3MB
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 50
 tunnel protection ipsec profile net1 shared
!
interface Tunnel1
 bandwidth 256
 ip address "spoke IP1" 255.255.255.0
 no ip redirects
 ip nhrp authentication "pw1"
 ip nhrp map multicast "address1"
 ip nhrp map "hub IP1" "address1"
 ip nhrp network-id 10
 ip nhrp nhs "hub IP1"
 zone-member security inside
 nhrp group 3MB
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile net1 shared
!
interface Tunnel2
 bandwidth 128
 ip address "spoke IP2" 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nhrp authentication "pw0"
 ip nhrp map multicast "address2"
 ip nhrp map "Hub IP2" "address2"
 ip nhrp network-id 1
 ip nhrp nhs "Hub IP2"
 zone-member security inside
 tunnel source Cellular0/3/0
 tunnel mode gre multipoint
 tunnel key 150
 tunnel protection ipsec profile net2 shared
The tunnels are basically the same on many other routers where there are no issues. The main difference is the IOS version. This router's version is 15.5(3)M2. Any thoughts on why this would be? If you need anything else please let me know.
This time I do not see the key mismatch. But I did notice that for some reason the cellular interface is showing up on the hub. It should not; this hub is only the primary tunnel, and the tunnel for the cellular interface is a completely different router. Based on that I shut down the cellular interface and reset the main tunnel (tunnel0). It connected fine. I unshut the cellular, then that connected as well. Now they are all connected and working.