Re: OT: DMVPN

From: Chris Broadway (midatlanticnet@gmail.com)
Date: Wed Mar 22 2006 - 16:12:47 GMT-3

• Next message: Petr Lapukhov: "Re: "ip rtp priority" & "fram ip rtp priority""
• Previous message: Nick Griffin: "Spanning Tree Portfast"
• Maybe in reply to: Chris Broadway: "OT: DMVPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All,

I am still drowning on this. Here is a quick recap. The tunnels from the
spoke to the hub come up. When I add EIGRP to the equation, I get this
error on the spokes and never see a neighbor relationship on the hub:

This one is from

*Mar 22 18:46:41.712: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
50.50.50.2(Tunnel0) is down: retry limit exceeded

*Mar 22 18:46:45.564: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
50.50.50.2(Tunnel0) is up: new adjacency

If I removed EIGRP and use static routes pointing to the tunnel IP of the
other spoke, Everything seems to work and a trace verifies that the tunnel
is spoke to spoke and not through the hub.

Attached is an example of the topology.

At first it looked like the EIGRP was bouncing because the tunnel bouncedI
could not find any evidence that the tunnel was bouncing. Here is an
example of the static routing I used instead of EIGRP:

From the lower left hand spoke:

ip route 10.10.0.0 255.255.0.0 10.10.5.1

ip route 11.11.11.11 255.255.255.255 50.50.50.3

From the lower right spoke:

ip route 9.9.9.9 255.255.255.255 50.50.50.1

ip route 10.10.0.0 255.255.0.0 10.10.7.1

From the hub:

ip route 10.10.0.0 255.255.0.0 10.10.8.1

Here is a ping and trace from spoke to spoke:

2610XM_CE_C#ping 9.9.9.9

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

2610XM_CE_C#traceroute 9.9.9.9

Type escape sequence to abort.

Tracing the route to 9.9.9.9

  1 50.50.50.1 8 msec * 4 msec

Here is the crypto session being built on 9.9.9.9:

*Mar 22 19:06:37.704: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer
10.10.7.2:500 Id: 10.10.7.2

Interface: Tunnel0

Session status: UP-ACTIVE

Peer: 10.10.7.2/500

  IKE SA: local 10.10.5.2/500 remote 10.10.7.2/500 Active

  IPSEC FLOW: permit 47 host 10.10.5.2 host 10.10.7.2

        Active SAs: 2, origin: crypto map

So the question remains, why is this not working when I remove the static
routes and use EIGRP?

-Chris

[GroupStudy removed an attachment of type application/vnd]

• Next message: Petr Lapukhov: "Re: "ip rtp priority" & "fram ip rtp priority""
• Previous message: Nick Griffin: "Spanning Tree Portfast"
• Maybe in reply to: Chris Broadway: "OT: DMVPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3