From: Bozhidar Batev (b.batev@mobiltel.bg)
Date: Mon Nov 06 2006 - 06:01:42 ART
Hi,
I have 1 Cisco 7609 with IPSec VPN SPA modul which is my DMVPN hub
router and approximately 30 spokes 1841 routers. The spoke routers are
with the same config and IOS version.
I can't see 3 of them in NHRP table.
HUB
interface Tunnel30
ip vrf forwarding innet
ip address 192.168.65.65 255.255.255.224
no ip redirects
ip mtu 1470
ip pim sparse-mode
ip nhrp authentication GRE+nhrp
ip nhrp map multicast dynamic
ip nhrp network-id 6666
ip nhrp holdtime 700
ip ospf network broadcast
ip ospf cost 5
ip ospf priority 20
tunnel source Vlan547
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile VPN
crypto engine subslot 7/0
interface Vlan547
description Inside Interface vlan for VPN SPA
ip address 172.20.1.2 255.255.255.128
ip access-group ACL_MAN in
no mop enabled
crypto engine subslot 7/0
SPOKE
interface Tunnel20
ip address 192.168.65.72 255.255.255.224
no ip redirects
ip mtu 1470
ip pim sparse-mode
ip nhrp authentication GRE+nhrp
ip nhrp map multicast 172.20.1.2
ip nhrp map 192.168.65.65 172.20.1.2
ip nhrp network-id 6666
ip nhrp holdtime 700
ip nhrp nhs 192.168.65.65
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf cost 5
ip ospf priority 0
qos pre-classify
tunnel source FastEthernet0/1
tunnel destination 172.20.1.2
tunnel key 200
tunnel protection ipsec profile VPN
interface FastEthernet0/1
bandwidth 10000
ip address 172.20.1.9 255.255.255.128
duplex auto
speed auto
no cdp enable
max-reserved-bandwidth 100
service-policy output queueing-CE2PE
__________________________________________
HUB________________________________________
main-gw#sh ip nhrp
192.168.65.66/32 via 192.168.65.66, Tunnel30 created 2d19h, expire
00:09:01
Type: dynamic, Flags: authoritative unique registered
NBMA address: 172.20.1.3
192.168.65.67/32 via 192.168.65.67, Tunnel30 created 2d19h, expire
00:09:22
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.4
192.168.65.68/32 via 192.168.65.68, Tunnel30 created 01:03:46, expire
00:09:38
Type: dynamic, Flags: authoritative unique registered
NBMA address: 172.20.1.5
192.168.65.70/32 via 192.168.65.70, Tunnel30 created 2d19h, expire
00:11:30
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.7
192.168.65.71/32 via 192.168.65.71, Tunnel30 created 11:43:58, expire
00:10:29
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.8
192.168.65.72/32, Tunnel30 created 00:01:12, expire 00:01:52
Type: incomplete, Flags: negative
Cache hits: 7
192.168.65.73/32 via 192.168.65.73, Tunnel30 created 20:35:48, expire
00:10:26
Type: dynamic, Flags: authoritative unique registered
NBMA address: 172.20.1.10
192.168.65.74/32 via 192.168.65.74, Tunnel30 created 2d19h, expire
00:07:53
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.11
192.168.65.75/32 via 192.168.65.75, Tunnel30 created 2d19h, expire
00:10:23
Type: dynamic, Flags: authoritative unique registered
NBMA address: 172.20.1.12
192.168.65.76/32 via 192.168.65.76, Tunnel30 created 2d19h, expire
00:11:08
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.13
192.168.65.77/32 via 192.168.65.77, Tunnel30 created 01:17:10, expire
00:11:38
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.14
192.168.65.78/32 via 192.168.65.78, Tunnel30 created 2d19h, expire
00:11:11
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 172.20.1.16
Debug NHRP
Nov 6 10:53:04 BG: NHRP: Checking for delayed event
0.0.0.0/192.168.65.72 on list (Tunnel30).
Nov 6 10:53:04 BG: NHRP: No node found.
Nov 6 10:53:04 BG: NHRP: Attempting to send packet via DEST
192.168.65.72
Nov 6 10:53:04 BG: NHRP: Send Resolution Request via Tunnel30, packet
size: 84
Nov 6 10:53:04 BG: src: 192.168.65.65, dst: 192.168.65.72
Nov 6 10:53:04 BG: NHRP: Encapsulation failed for destination
192.168.65.72 out Tunnel30
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART