Re: DMVPN Lab Configuration Issue

From: Felix Nkansah (felixnkansah@gmail.com)
Date: Wed Oct 08 2008 - 15:36:19 ART

• Next message: Chuck Ryan (chryan): "RE: Ip PIM Auto-rp Listener"
• Previous message: Luan Nguyen: "RE: DMVPN Lab Configuration Issue"
• Maybe in reply to: Felix Nkansah: "DMVPN Lab Configuration Issue"
• Next in thread: Joseph Brunner: "RE: DMVPN Lab Configuration Issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Luan, but I have tried all these commands and they still don't seem
to solve the problem.
Unless of course I don't wait long enough to see them work.

On Wed, Oct 8, 2008 at 6:28 PM, Luan Nguyen <luan@netcraftsmen.net> wrote:

> You could try to configure crypto isakmp invalid-spi-recovery, dead peer
> detection and crypto ipsec security-association idle-time.
> Word is that Cisco is working on keep alive for DMVPN :)
>
>
> Luan Nguyen
> Chesapeake NetCraftsmen, LLC.
> www.NetCraftsmen.net
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Felix Nkansah
> Sent: Wednesday, October 08, 2008 2:08 PM
> To: Cisco certification
> Subject: DMVPN Lab Configuration Issue
>
> Hi All,
> I have a lab setup of 3 routers in a hub-and-spoke topology. I have
> configured DMVPN with R1 being the hub. These routers all connect through a
> switch.
>
> The problem I experience is that, if the hub router goes off (because I
> reboot it or shut down the WAN interface), the ISAKMP and IPSEC
> associations
> remain active on the spokes.
>
> As such when the hub router comes back up, the spokes try to use the
> existing SAs to communicate with it, which results in 'Invalid SPI errors'
> on the Hub with no connectivity as such.
>
> I resolve this problem manually by clearing crypto sessions on the
> spokes. The hub doesn't initiate the connection because its tunnel
> interface
> is in GRE Multipoint mode.
>
> I would like to know if there is a way to let the spokes automatically
> time-out their SA sessions and re-initiate Phase 1 & 2 negotiations if the
> Hub becomes unavailable for some seconds.
>
> Waiting on your reply.
>
> Thanks,
>
> Felix
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Chuck Ryan (chryan): "RE: Ip PIM Auto-rp Listener"
• Previous message: Luan Nguyen: "RE: DMVPN Lab Configuration Issue"
• Maybe in reply to: Felix Nkansah: "DMVPN Lab Configuration Issue"
• Next in thread: Joseph Brunner: "RE: DMVPN Lab Configuration Issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:20 ARST