From: M. Mohan (mmsundar@yahoo.com)
Date: Sun Aug 28 2005 - 00:54:40 GMT-3
Hi Koen, Jens,
Thank you for your comments.
The spoke-to-spoke IPSec tunnel establishments works
fine. I verified this with the "show crypto ipsec sa"
and could see that the packets are being encrypted and
decrypted between the two networks.
Yes, 12.2(15)T seems to be a very very buggy version
and it worries me a lot :(
Thank you,
Mohan
--- Koen Peetermans <k.peetermans@chello.be> wrote:
> Problem with that is that this command only appears
> at 12.3(2), and not with
> 12.2(15)Tx.......
>
> As far as I have checked already, DMVPN is not
> behaving completely to
> "marketing specs" at 12.2(15)T, and you'll need at
> least the "spoke-to-spoke
> functionality" IOS (which is more a bug fix than a
> feature IMHO) to make it
> work accordingly.
>
> Problem is that the Cisco CCIE lab uses 12.2T
> according to their blueprint,
> so DMVPN will have it caveats in getting it to work.
>
> Just a crazy idea: maybe by disabling route-cache on
> the spoke routers the
> next-hop will still be "seen" as the hub address,
> but the underlying logic
> sends packets directly to the other spoke router ?
> Maybe you can try to find
> out what *really* happens to the packets ?
>
> Kind regards,
>
> Koen.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of Jens
> Petter Eikeland
> Sent: zaterdag 27 augustus 2005 19:16
> To: 'M. Mohan'; security@groupstudy.com;
> ccielab@groupstudy.com
> Subject: SV: DMVPN and EIGRP
>
> Hi ,
>
> You will need the no ip next-hop-self eigrp <as>
> command on the hub router
> to have the next hop be the orginal next hop.
>
> Jens P
>
> -----Opprinnelig melding-----
> Fra: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] Pe vegne av M.
> Mohan
> Sendt: 27. august 2005 14:08
> Til: CCIEGS
> Emne: DMVPN and EIGRP
>
> Hello all,
>
> I have configured a basic DMVPN set up and running
> EIGRP over the tunnel interfaces.
>
> At the spoke routers, I see that the next-hop to
> reach
> the networks beyond the other spoke points to the
> hub
> router's tunnel interface. If I want to have
> spoke-to-spoke tunnels, then I need to have these
> next-hops point to the remote spoke routers' tunnel
> interfaces.
>
> According to the below document, to achieve this, I
> need to use process switching on the tunnel
> interfaces. (I am running 12.2(15)T)
>
>
http://www.cisco.com/warp/public/105/dmvpn.html#eigrp
>
> I configured "no ip route-cache" on the tunnel
> interfaces of the spokes to have it process
> switched.
> But still I see that the spokes point to the hub
> router's tunnel interface to reach the networks
> beyond
> other spokes.
>
> The other option is to run a different protocol,
> which
> I am anyway going to try, but wanted to make this
> work
> before I try that.
>
> Anybody know how to make this work using EIGRP?
>
> I have turned off the split-horizon at the hub
> router's mGRE interface.
>
> Thanks in advance,
> Mohan
>
>
>
> __________________________________
> Yahoo! Mail
> Stay connected, organized, and protected. Take the
> tour:
> http://tour.mail.yahoo.com/mailtour.html
>
>
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:20 GMT-3