02-16-2010 02:42 PM
DMVPN configuration.
Devices from Hub LAN to Spoke LAN ping times 60ms.
Devices from Spoke1 LAN to Spoke2 LAN ping times 110ms to 1000ms.
When I ping the mGRE addresses of the routers. I can ping at 30-45ms unless I ping the routers own IP address, then it responds at a 90ms response. Meaning:
Spoke1 to Spoke2 = 40ms
Spoke1 to Hub = 35ms
Spoke2 to Hub = 35ms
Spoke1 to self = 90ms
Spoke2 to self = 90ms
HUB config:
crypto keyring Cisco
pre-shared-key address 0.0.0.0 0.0.0.0 key KeyA
!
crypto ipsec transform-set ESP-3DES-SHA13 esp-3des esp-sha-hmac
mode transport
!
crypto isakmp profile Cisco
keyring Cisco
match identity address 0.0.0.0
!
crypto ipsec profile CISCO
set transform-set ESP-3DES-SHA13
set isakmp-profile Cisco
!
interface Tunnel0
description HUB
bandwidth 4000
ip address 10.151.151.1 255.255.255.248
no ip redirects
ip mtu 1416
ip nhrp authentication Cisco
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
delay 1000
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile CISCO
!
interface GigabitEthernet0/0
description HUB
bandwidth inherit
ip address A.A.A.A 255.255.255.252
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed 100
media-type rj45
negotiation auto
!
router eigrp 1
network 10.3.3.0 0.0.0.255
network 10.150.150.0 0.0.0.255
network 10.151.151.0 0.0.0.7
network 192.168.27.0
no auto-summary
SPOKE1 config:
crypto isakmp key KeyA address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile CISCO
set transform-set ESP-3DES-SHA
!
interface Tunnel0
description SPOKE1
bandwidth 4000
ip address 10.151.151.2 255.255.255.248
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1
ip nhrp authentication Cisco
ip nhrp map 10.151.151.1 A.A.A.A
ip nhrp map multicast A.A.A.A
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp nhs 10.151.151.1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile CISCO
!
interface GigabitEthernet0/1
description SPOKE1
ip address B.B.B.B 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
!
router eigrp 1
network 10.148.27.0 0.0.0.255
network 10.148.148.0 0.0.0.255
network 10.151.151.0 0.0.0.7
no auto-summary
SPOKE2 config:
crypto isakmp key KeyA address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile CISCO
set transform-set ESP-3DES-SHA1
!
interface Tunnel0
description SPOKE2
bandwidth 4000
ip address 10.151.151.3 255.255.255.248
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1
ip nhrp authentication Rentsys
ip nhrp map multicast A.A.A.A
ip nhrp map 10.151.151.1 A.A.A.A
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp nhs 10.151.151.1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile CISCO
!
interface GigabitEthernet0/1
description SPOKE2
ip address C.C.C.C 255.255.255.252
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex full
speed 100
media-type rj45
!
router eigrp 1
passive-interface default
no passive-interface Tunnel0
network 10.149.149.0 0.0.0.255
network 10.151.151.0 0.0.0.7
no auto-summary
I did a trace on a device on Spoke network 1 to a device on Spoke network 2. I noticed that the trace route goes through the mGRE and hops to the HUB GRE tunnel address. Is this the correct reflex for this configuration?
1 10.148.148.1 0 msec 0 msec 0 msec (internal address of Spoke 1 router)
2 10.151.151.1 50 msec 50 msec 51 msec (GRE "outside" address of HUB)
3 10.151.151.3 109 msec 109 msec 109 msec (GRE "outside" address of Spoke 2 router)
4 10.149.149.254 109 msec * 109 msec (Device on Spoke 2 router)
Solved! Go to Solution.
02-16-2010 04:24 PM
Hi,
Spoke1 should send out a NHRP request to HUB, and HUB reply with spoke2's mapping; after that spoke should build a spoke to spoke tunnel, and traffic from spoke to spoke should use that tunnel.
Do you have "no ip next-hop-self eigrp 1" configured under your hub tunnel interface?
If your IOS is 12.4(6)T or higher, you can consider use dmvpn phase 3.
HTH,
Lei Tian
02-16-2010 04:24 PM
Hi,
Spoke1 should send out a NHRP request to HUB, and HUB reply with spoke2's mapping; after that spoke should build a spoke to spoke tunnel, and traffic from spoke to spoke should use that tunnel.
Do you have "no ip next-hop-self eigrp 1" configured under your hub tunnel interface?
If your IOS is 12.4(6)T or higher, you can consider use dmvpn phase 3.
HTH,
Lei Tian
02-17-2010 07:58 AM
Lei,
That was the issue. I looked through that config about a thousand times and just missed that command.
Thanks for you help!
Jason
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide