(no subject)

From: Luan Nguyen (luan.m.nguyen@gmail.com)
Date: Thu Jan 10 2008 - 22:46:31 ARST

• Next message: xiongxiaogang: "(no subject)"
• Previous message: Jack Flash: "RE: Tuning STP timers : IPexpert versus IE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

GRE keep alive doesn't work with DMVPN. Hopefully that's a not yet :)
Should take off the ipsec piece and see how that goes. Isolation one part
at a time for troubleshooting.

-lmn

On Jan 10, 2008 2:57 PM, Farrukh Haroon <farrukhharoon@gmail.com> wrote:

> Hello Steven
>
> You could try these (in no specific order):
>
> i) GRE Keep Alives (interface tunnel x >> keepalive n)
> ii) Increasing the NHRP hold-time (if there is no restriction on the
> exam)
> iii) IKE Dead Peer Detection (DPD) (crypto isakmp keepalive)
>
> Let me know how it goes if you success with any of these solutions.
>
> Regards
>
> Farrukh
>
>
> On Jan 10, 2008 9:31 PM, xiongxiaogang <xiongxg@msn.com> wrote:
>
> > Hi,
> > I configure dmvpn between one hub and two spokes, the tunnels of
> > spoke-to-spoke and spoke-to-hub both work, but I found there is a weired
> > problem, that is if I only ping from one spoke to the other spoke, it
> works
> > normally, but meanwhile if I also ping a spoke to the hub, although
> tunnel
> > is up normally, but the tunnel cannot keep up always, it becoming down
> when
> > ip nhrp expires, and the worse is eigrp neighbor between hub and spoke
> is
> > affected by the disconnect tunnel, when ip nhrp expires, eigrp neighbor
> > between hub and spoke is down with the error message "*Jan 5 17:32:
> 02.743:
> > %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip)
> > vrf/dest_addr= /105.1.2.5, src_addr= 105.1.50.2, prot= 47..."
> > when the eigrp neigbhor is down, even if you ping from spoke to hub,
> > cannot enable tunnel up. so I have to go to spoke and shut/no shut
> tunnel
> > interface to resolve it. but I do not think
> > it is a good solution, considering in the real world, cannot always let
> > the router administrator to login to the spoke router and shut/no shut
> > tunnel interface to let the traffic between spokes and hub to go
> through,
> > and in the lab exam, considering proctor maybe see the error message if
> he
> > have ever ping from spoke to hub and provided you set the ip nhrp
> holdtime
> > to 300 seconds, it is expected that the proctor will see the error
> message
> > after 5 minutes and he know the eigrp neighbor is down.
> >
> > so I doubt the solution could be improved in some place, but I read a
> lot
> > of dmvpn documents, including the long thread discuss about the dmvpn in
> the
> > forum, but have no idea now, I am wondering who can throw me a light for
> it,
> > I am very appreciate of it.
> >
> > Regards
> > Steven
> > _________________________________________________________________
> > MSNJ%5.@qNo;pHH5G3!#,Cb7Q7"7EVP#,?l@4AlH!0I#!
> > http://im.live.cn/emoticons/?ID=18

• Next message: xiongxiaogang: "(no subject)"
• Previous message: Jack Flash: "RE: Tuning STP timers : IPexpert versus IE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST