Hi Team,
Without the isakmp and ipsec , my dmvpn tunnels are up and working absolutely fine.
Once I apply the isakmp and ipsec configs, dmvpn tunnels do not come up.
EIGRP 99 used over DMVPN breaks. Can you please help
Configs used:
ip vrf external
rd 69:69
2. Define the pre-share key
crypto keyring dmvpn vrf external
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
3.Define IKE phase 1 policy
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 5 periodic
4.Define the IPSEC proposal
crypto ipsec transform-set STRONG esp-aes esp-sha-hmac
mode tunnel
5.Define the IPSEC Profile
crypto ipsec profile dmvpn-profile
set transform-set STRONG
6.Create the tunnel interface.
interface Tunnel99
description DMVPN
bandwidth 17000000
ip address 10.142.136.42
no ip redirects
no ip unreachables
ip mtu 1400
ip hello-interval eigrp 99 6
ip hold-time eigrp 99 25
ip flow ingress
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication DMVPN_NW
ip nhrp group 17M-wan-qos
ip nhrp map multicast 144.15.56.x
ip nhrp map multicast 144.15.56.y
ip nhrp map 10.140.136.1 144.15.56.x
ip nhrp map 10.140.136.2 144.15.56.y
ip nhrp network-id 10140136
ip nhrp holdtime 360
ip nhrp nhs 10.140.136.1
ip nhrp nhs 10.140.136.2
ip tcp adjust-mss 1360
load-interval 30
delay 1000
tunnel source Gig0/2
tunnel mode gre multipoint
tunnel key 10140136
tunnel vrf external
tunnel protection ipsec profile dmvpn-profile
no shut
7. Configure the interface where the service provider link would be connected.
int Gig 0/2
ip vrf forwarding external
ip address 222.165.226.98 255.255.255.240
no ip redirects
no ip unreachables
ip flow ingress
end