Simon, The first thing to begin with when setting up DMVPN is to not apply any encryption until you have everything working. After you are able to communicate from hub to spokes and spokes to spokes then apply the crypto configuration. By following this process you are then able to determine quickly whether the problem is with crypto configuration or the Tunnel setup.
With GetVPN first making sure that you have full connectivity and then setting up the group members. I haven't finished the troubleshooting section for Lab4 yet so I will hopefully have better advise after finishing it. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Simon Baumann Sent: Saturday, October 03, 2009 12:36 PM To: [email protected] Subject: [OSL | CCIE_Security] VPN troubleshooting strategy. Hi, I wonder which strategy is most useful to troubleshoot VPN configurations. Let's assume I got an VPN with three routers, one is the GETVPN and DMVPN server, two spokes. My strategy would be: - check reachability - check ISAKMP settings: PSKs, policies - check transform sets - check RSA key - check ACL - check tunnel interfaces, NHRP and so on - check routing protocol - check....<tobecontinued> How would you begin? Cheers Simon _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
