RE: IPSec and DMVPN from Daniel on 2014-06-21 (Ccielab archives 06/2014)

From: <Daniel>
Date: Fri, 20 Jun 2014 23:51:56 -0500

HelloNop, this is a home lab for my studies. I spend like 1 hr shooting the
dmvpn and ipsec...It came to be that on the spokes I didn't have the other
spoke loopback so only the tunnel to the hub was working and it wasn't from
spoke to spoke.
Since I was announcing the loopbacks with bgp and I was using the same AS on
the spokes, allows-in solve this.hahaha anyways it was fun.
Thank you guys :)

> From: bmcgahan_at_ine.com
> To: daniel.barney.b_at_hotmail.com; ccielab_at_groupstudy.com
> Date: Fri, 20 Jun 2014 22:06:51 -0500
> Subject: RE: IPSec and DMVPN
>
> DMVPN is technically unrelated to IPsec. DMVPN runs inside of IPsec, so if
you have an IKE problem you need to look at IPsec show/debug to start. NHRP
can't resolve until the IPsec tunnel is formed. In general they would be:
>
> Show crypto isakmp sa
> Show crypto ipsec sa
> Debug crypto isakmp
> Debug crypto sa
>
> Like Jay said if this is production they should be sanitized, and try not to
create a Resume Generating Event (RGE) by debugging in production ;)
>
> Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Daniel Barney Briseqo
> Sent: Friday, June 20, 2014 4:49 PM
> To: CCIE Group Study
> Subject: IPSec and DMVPN
>
> Hello everyone,Today on my studies, the state of one of my DMPVN was
IKE.R6#sh
> dmvpnLegend: Attrb --> S - Static, D - Dynamic, I - Incomplete N -
> NATed, L - Local, X - No Socket # Ent --> Number of NHRP entries
with
> same NBMA peer NHS Status: E --> Expecting Replies, R --> Responding,
W
> --> Waiting UpDn Time --> Up or Down Time for a
>
Tunnel=======================================================================
> ===
> Interface: Tunnel100, IPv4 NHRP Details Type:Spoke, NHRP Peers:2, # Ent
Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb -----
> --------------- --------------- ----- -------- ----- 1 3.3.3.3
> 148.15.1.3 IKE 00:22:25 DX 1 5.5.5.5 148.15.1.5 UP
> 00:22:58 S
> My pre-shared key on my hub and my spokes is set to address 0.0.0.0
0.0.0.0.0.Can you guys help me what I should be checking?Thank you!
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 20 2014 - 23:51:56 ART

This archive was generated by hypermail 2.2.0 : Tue Jul 01 2014 - 06:32:36 ART