07-24-2019 02:22 AM - edited 02-21-2020 09:42 PM
07-24-2019 02:47 AM
07-25-2019 01:44 AM
HI RJI,
The debugs from the spoke
*Jul 24 11:40:45.470: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105
*Jul 24 11:40:45.470: src: 192.168.9.2, dst: 192.168.9.1
*Jul 24 11:40:45.470: NHRP: 133 bytes out Tunnel1
*Jul 24 11:40:45.470: NHRP: Resetting retransmit due to hold-timer for 192.168.9.1
*Jul 24 11:40:50.470: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 192.168.9.1
*Jul 24 11:40:50.470: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105
*Jul 24 11:40:50.470: src: 192.168.9.2, dst: 192.168.9.1
*Jul 24 11:40:50.470: NHRP: 133 bytes out Tunnel1
*Jul 24 11:40:50.470: NHRP: Resetting retransmit due to hold-timer for 192.168.9.1
*Jul 24 11:40:55.470: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 192.168.9.1
*Jul 24 11:40:55.470: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 105
*Jul 24 11:40:55.470: src: 192.168.9.2, dst: 192.168.9.1
*Jul 24 11:40:55.470: NHRP: 133 bytes out Tunnel1
---------------------------------------------
HERE IS SPOKE CONFIGUATION
Cybertron-Core_2900#show running-config
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key cybertron address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 3
!
!
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
mode transport
crypto ipsec transform-set cyber esp-des esp-md5-hmac
mode tunnel
!
crypto ipsec profile IPSEC_PROFILE
set transform-set IPSEC
!
!
!
crypto dynamic-map cyber 10
reverse-route
!
!
crypto map cyber 10 ipsec-isakmp
set peer 183.238.XX.66
set transform-set cyber
match address VPN
!
crypto map map client authentication list remote
crypto map map isakmp authorization list remote
crypto map map client configuration address respond
crypto map map 10 ipsec-isakmp dynamic cyber
!
!
!
!
!
interface Tunnel1
ip address 192.168.9.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map multicast 183.238.XX.66
ip nhrp map 192.168.9.1 183.238.XX.66
ip nhrp network-id 10
ip nhrp holdtime 300
ip nhrp nhs 192.168.9.1
ip nhrp registration timeout 5
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 123456
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.101
description Cybertron_Wlan
encapsulation dot1Q 101
ip address 192.168.101.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.102
description WLAN_GUEST
encapsulation dot1Q 102
ip address 192.168.102.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1352
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username 07554200194657 password 0 ALTCSSSSS
no cdp enable
!
router ospf 100
router-id 192.168.20.1
network 172.16.1.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
no ip http server
----------------------------
HUB CONFIGUATION
interface Tunnel1
ip address 192.168.9.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp holdtime 300
ip nhrp registration timeout 5
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 255
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 123456
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.10.254 255.255.255.0
ip flow monitor netflow-monitor output
ip nat inside
no ip virtual-reassembly in
ip tcp adjust-mss 1400
duplex auto
speed auto
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.10.254
!
interface GigabitEthernet0/1
ip address 183.238.XX.6 255.255.255.248
ip access-group denysip in
ip access-group fragments out
ip nat outside
no ip virtual-reassembly in
ip tcp adjust-mss 1400
duplex auto
speed auto
media-type rj45
crypto map map
!
interface GigabitEthernet0/2
ip address 192.168.255.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered GigabitEthernet0/1
ip nat inside
ip virtual-reassembly in
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC_PRO_N
!
interface Dialer1
no ip address
!
router ospf 100
router-id 192.168.10.1
redistribute connected
redistribute static subnets
network 172.16.1.0 0.0.0.255 area 0
network 192.168.9.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
-------------------------------------------------------------
Headquarters is fixed ip, can ping. The branch is adsl. Operators limit the inability to Ping
07-25-2019 07:12 AM
05-20-2024 09:12 PM
I have similar issue in my lab. No firewall in my setup
////////////////////Hub Logs /////////////////////
May 21 04:03:09.338: NHRP: if_up: Tunnel1 proto 'NHRP_IPv4'
May 21 04:03:09.338: NHRP: Registration with Tunnels Decap Module succeeded
May 21 04:03:09.338: NHRP: Adding all static maps to cache
May 21 04:03:09.338: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:10.123: NHRP: Unable to send Registration - no NHSes configured
////Spoke logs ////////////////
May 21 04:09:19.879: NHRP: No SNMP node found to add requestID
May 21 04:09:19.879: NHRP: Attempting to send packet through interface Tunnel1 via DEST dst 192.168.0.1
May 21 04:09:19.879: NHRP: Send Registration Request via Tunnel1 vrf: VRF-TUN1(0x4), packet size: 108
May 21 04:09:19.879: src: 192.168.0.2, dst: 192.168.0.1
May 21 04:09:19.879: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 1.1.1.1
May 21 04:09:19.879: NHRP: 136 bytes out Tunnel1
May 21 04:09:19.879: NHRP: Resetting retransmit due to hold-timer for 192.168.0.1
May 21 04:09:32.655: NHRP: Setting retrans delay to 64 for nhs dst 172.16.0.1
May 21 04:09:32.655: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.0.1
May 21 04:09:32.655: NHRP: Send Registration Request via Tunnel0 vrf: VRF-TUN1(0x4), packet size: 108
May 21 04:09:32.655: src: 172.16.0.2, dst: 172.16.0.1
May 21 04:09:32.655: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 11.11.11.0
May 21 04:09:32.655: NHRP: 136 bytes out Tunnel0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide