DMVPN is technically unrelated to IPsec. DMVPN runs inside of IPsec, so if you have an IKE problem you need to look at IPsec show/debug to start. NHRP can't resolve until the IPsec tunnel is formed. In general they would be:
Show crypto isakmp sa
Show crypto ipsec sa
Debug crypto isakmp
Debug crypto sa
Like Jay said if this is production they should be sanitized, and try not to create a Resume Generating Event (RGE) by debugging in production ;)
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Daniel Barney Briseqo
Sent: Friday, June 20, 2014 4:49 PM
To: CCIE Group Study
Subject: IPSec and DMVPN
Hello everyone,Today on my studies, the state of one of my DMPVN was IKE.R6#sh
dmvpnLegend: Attrb --> S - Static, D - Dynamic, I - Incomplete N -
NATed, L - Local, X - No Socket # Ent --> Number of NHRP entries with
same NBMA peer NHS Status: E --> Expecting Replies, R --> Responding, W
--> Waiting UpDn Time --> Up or Down Time for a
Tunnel=======================================================================
===
Interface: Tunnel100, IPv4 NHRP Details Type:Spoke, NHRP Peers:2, # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb -----
--------------- --------------- ----- -------- ----- 1 3.3.3.3
148.15.1.3 IKE 00:22:25 DX 1 5.5.5.5 148.15.1.5 UP
00:22:58 S
My pre-shared key on my hub and my spokes is set to address 0.0.0.0 0.0.0.0.0.Can you guys help me what I should be checking?Thank you!
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 20 2014 - 22:06:51 ART
This archive was generated by hypermail 2.2.0 : Tue Jul 01 2014 - 06:32:36 ART