cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4881
Views
0
Helpful
1
Replies

Stuck the DMVPN state in IKE

DaeHeon Kang
Level 1
Level 1

Hi 

 

I am seeking for the reason why the state from one of two DMVPN tunnels of SPOKE is stuck in IKE, however the relevant HUB shows the state regarding the SPOKE as UP.

The output from show commands is as below;

 

SPOKE1#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel50, IPv4 NHRP Details              <-- DMVPN tunnel  to HUB2 through PPPoE network
Type:Spoke, NHRP Peers:1,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.220.251.145 10.220.143.1 IKE 05:14:57 S

Interface: Tunnel60, IPv4 NHRP Details                  <-- DMVPN tunnel through MPLS network
Type:Spoke, NHRP Peers:1,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.220.147.1 10.220.148.1 UP 4d18h S

 

HUB2#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel100, IPv4 NHRP Details
Type:Hub, NHRP Peers:13,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.220.251.170 10.220.143.9 UP 05:18:20 D

 

1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni
Hi

What router model is your spoke?
What is your config? I mean, does your tunnel is in a vrf?
I ask these 2 questions because there's a bug on specific platform.

Also, have you checked if your peering (BGP, eigrp or whatever) is up and running. Did traffic can go through this tunnel 50?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: