Indeed it would be helpful to see the configuration.
Did you configure the tunnel source as Loopback0 and also configure the NHRP map settings on the spokes to the Loopback of the hub?
Did you also configure a wildcard ISAKMP key or keys for the correct addresses (when using PSK)?
--
Regards,

Rick Mur
CCIE2 #21946 (R&S / Service Provider)
Sr. Support Engineer
IPexpert, Inc.
URL: http://www.IPexpert.com

On 22 dec 2009, at 09:13, Farrukh Haroon wrote:

> Did you define the crypto local-address on all sides?
>
> Can you please post your configuration?
>
> On Tue, Dec 22, 2009 at 10:55 AM, backbone systems <backbone.systems_at_gmail.com> wrote:
>
>> Hi,
>>
>> I am trying to build a DMVPN tunnel bw R1-R2-R3 with R1 as HUB.
>> When I try to build the tunnel with tunnel source as loopback 0
>> .......the sh cry isa gives me the following error....
>>
>> *Mar 1 01:43:57.359: ISAKMP:(0:116:SW:1): IPSec policy invalidated proposal
>> *Mar 1 01:43:57.363: ISAKMP:(0:116:SW:1): phase 2 SA policy not acceptable! (local 200.0.0.1 remote 3.3.3.3)
>>
>> though my lo0 is advertised to all the peers via RIP and I can
>> successfully ping it from all routers.
>>
>> If I just change the source to my WAN(FR) interface ....the tunnel
>> works fine and I can successfully build the eigrp and ospf nei
>> relationships......
>>
>> What could be wrong?
>>
>> BB
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Received on Tue Dec 22 2009 - 09:18:16 ART
This archive was generated by hypermail 2.2.0 : Sat Jan 02 2010 - 11:11:08 ART