tunnel retry limit exeed, EIGRP, DMVPN

prabinchand · ‎12-09-2021

hello everyone,

I am using DMVPN from my HUB to SPOKE2 and used EIGRP protocol.

But the error is showing tunnel 1, retry limit exceed and goes up and down simultaniously.

NOTE: error and topology is attached below.

CONFIGURATION

SPOKE2

!
!
interface Tunnel1
ip address 172.16.10.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 1.1.1.1
ip nhrp map multicast 1.1.1.2
ip nhrp map 172.16.10.1 1.1.1.1
ip nhrp map 172.16.10.2 1.1.1.2
ip nhrp network-id 1
ip nhrp holdtime 10
ip nhrp nhs 172.16.10.1 priority 1 cluster 1
ip nhrp nhs 172.16.10.2 priority 2 cluster 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 5
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface Tunnel2
ip address 125.25.25.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 2.2.2.1
ip nhrp map multicast 2.2.2.2
ip nhrp map 125.25.25.1 2.2.2.1
ip nhrp map 125.25.25.2 2.2.2.2
ip nhrp network-id 2
ip nhrp nhs 125.25.25.1 priority 1 cluster 2
ip nhrp nhs 125.25.25.2 priority 2 cluster 2
ip nhrp nhs cluster 2 max-connections 1
ip nhrp nhs fallback 5
delay 6000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 1.1.1.4 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 2.2.2.4 255.255.255.0
speed auto
duplex auto
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.20.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!

-----------------------------------------------------------------------------------------------

HUB-ACTIVE

!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface Tunnel2
ip address 125.25.25.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 60000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.1 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 priority 110
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!

-----------------------------------------------------------------------------------------------

HUB-STANDBY

!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
delay 7000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface Tunnel2
ip address 125.25.25.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 8000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.2 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!