Tyson, that was my problem :) I only di a permit for tcp, udp and icmp. I forgot to add gre or simply do a permit ip any any. Thanks for your help.
Have a great sunday Simon Am 24.01.2010 um 16:11 schrieb Tyson Scott: > Is anything being blocked by the ASA? Your configurations look correct below > for Phase I DMVPN > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Technical Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United States, > Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > From: Simon Baumann [mailto:[email protected]] > Sent: Sunday, January 24, 2010 6:23 AM > To: Tyson Scott > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 4, section 2, task 4.12 > > > R5(config)#do sh run int tun 100 > Building configuration... > > Current configuration : 248 bytes > ! > interface Tunnel100 > ip address 172.16.100.5 255.255.255.0 > ip nhrp map 172.16.100.7 8.9.2.7 > ip nhrp map multicast 8.9.2.7 > ip nhrp network-id 1 > ip nhrp nhs 172.16.100.7 > tunnel source Serial0/1/0 > tunnel destination 8.9.2.7 > tunnel key 1 > end > > > > R7(config)#do sh run int tun 100 > Building configuration... > > Current configuration : 209 bytes > ! > interface Tunnel100 > ip address 172.16.100.7 255.255.255.0 > no ip redirects > ip nhrp map multicast dynamic > ip nhrp network-id 1 > tunnel source FastEthernet0/1 > tunnel mode gre multipoint > tunnel key 1 > end > > Yes, the output tells so. > > Cheers > Simon > > > > Am 24.01.2010 um 04:18 schrieb Tyson Scott: > > > Do you have the following in the configuration. > > ip nhrp nhs 172.16.100.7 > > It says in the debug output below that you don't have a NHS configured. > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Technical Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Simon Baumann > Sent: Saturday, January 23, 2010 6:07 PM > To: [email protected] > Subject: [OSL | CCIE_Security] Lab 4, section 2, task 4.12 > > Hi, > I'm working on the DMVPN section. After my EIGRP neighbors didn't get up, I > reseted my pod any only configured the GRE interfaces, without any ipsec > profile or routing. > For my knowledge I should be able to ping R7 tunnel interface 172.16.100.7 > from R5, which has 172.16.100.5 on Tun100. > I ran an "debug nhrp" on R7, here's the output: > > *Jan 23 23:06:26.503: NHRP: if_up: Tunnel100 proto 0 > *Jan 23 23:06:26.703: NHRP: if_up: Tunnel100 proto 0 > *Jan 23 23:06:26.703: NHRP: Unable to send Registration - no NHSes configured > > Here's the debug output of R5: > *Jan 24 00:18:15.319: NHRP: if_up: Tunnel100 proto 0 > *Jan 24 00:18:15.323: NHRP: Attempting to send packet via DEST 172.16.100.7 > *Jan 24 00:18:15.323: NHRP: Send Registration Request via Tunnel100 vrf 0, > packet size: 92 > *Jan 24 00:18:15.323: NHRP: 120 bytes out Tunnel100 > *Jan 24 00:18:15.323: NHRP: Resetting retransmit due to hold-timer for > 172.16.100.7 > *Jan 24 00:18:16.311: NHRP: Setting retrans delay to 2 for nhs dst > 172.16.100.7 > *Jan 24 00:18:16.311: NHRP: Attempting to send packet via DEST 172.16.100.7 > *Jan 24 00:18:16.311: NHRP: Send Registration Request via Tunnel100 vrf 0, > packet size: 92 > *Jan 24 00:18:16.311: NHRP: 120 bytes out Tunnel100 > > > My research only lead to this information: > http://www.realexam.net/vpns-can-really-upset-me/1368.html > Do you have an hint what to check next? > > Cheers > Simon > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
