Yes, you'll need it on all your DMVPN spokes. It informs the spokes where to send the traffic to. Let us know if that works
On Fri, Jan 21, 2011 at 9:28 PM, kamran shakil <[email protected]>wrote: > Do i need to PUT this command on both SPOKES ??? is it mandatory for it to > work ? > > > > On Sat, Jan 22, 2011 at 9:22 AM, Mark Senteza <[email protected]>wrote: > >> On the spoke routers' tunnel interface add: >> >> ip nhrp multicast 10.1.1.1 >> >> >> >> On Fri, Jan 21, 2011 at 8:29 PM, kamran shakil >> <[email protected]>wrote: >> >>> Dears, >>> I am stuck with the troubleshooting , need help on this one ~ >>> >>> I practiced a small setup of 3 routers using same subnet to connect >>> eachother via a L2 switch. I did this lab in GNS3 with 12.4(15)T IOS. If i >>> remove crypto commands and tunnel protection , everything seems ok and work >>> fine......., BUT once the crypto commands and tunnel protection is added , >>> it stopped working and no routes were showing in the table!!! >>> >>> I was trying Phase 2 configuration of DMVPN ~ >>> >>> >>> Here is the config: >>> ============== >>> crypto isakmp policy 10 >>> authentication pre-share >>> group 2 >>> crypto isakmp key CISCO address 0.0.0.0 0.0.0.0 >>> ! >>> ! >>> crypto ipsec transform-set TSET esp-aes esp-sha-hmac >>> mode transport >>> ! >>> crypto ipsec profile DMVPN >>> set transform-set TSET >>> ! >>> ! >>> >>> interface Loopback0 >>> ip address 192.168.1.1 255.255.255.0 >>> ! >>> interface Tunnel0 >>> ip address 172.16.123.1 255.255.255.0 >>> no ip redirects >>> ip mtu 1400 >>> no ip next-hop-self eigrp 123 >>> ip nhrp authentication cisco >>> ip nhrp map multicast dynamic >>> ip nhrp network-id 123 >>> ip nhrp cache non-authoritative >>> ip nhrp redirect >>> no ip split-horizon eigrp 123 >>> tunnel source FastEthernet0/0 >>> tunnel mode gre multipoint >>> tunnel key 123 >>> tunnel protection ipsec profile DMVPN >>> ! >>> interface FastEthernet0/0 >>> ip address 10.1.1.1 255.255.255.0 >>> duplex auto >>> speed auto >>> ! >>> interface FastEthernet0/1 >>> no ip address >>> shutdown >>> duplex auto >>> speed auto >>> ! >>> router eigrp 123 >>> network 172.16.0.0 >>> network 192.168.1.0 >>> no auto-summary >>> ! >>> router ospf 123 >>> log-adjacency-changes >>> network 10.1.1.1 0.0.0.0 area 0 >>> ! >>> ! >>> ! >>> >>> >>> OUTPUTS:- >>> =========== >>> >>> R1#sh ip ro >>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP >>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area >>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 >>> E1 - OSPF external type 1, E2 - OSPF external type 2 >>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS >>> level-2 >>> ia - IS-IS inter area, * - candidate default, U - per-user static >>> route >>> o - ODR, P - periodic downloaded static route >>> >>> Gateway of last resort is not set >>> >>> 172.16.0.0/24 is subnetted, 1 subnets >>> C 172.16.123.0 is directly connected, Tunnel0 >>> 10.0.0.0/24 is subnetted, 1 subnets >>> C 10.1.1.0 is directly connected, FastEthernet0/0 >>> C 192.168.1.0/24 is directly connected, Loopback0 >>> R1# >>> >>> >>> >>> R1#SHOW IP NHRP >>> 172.16.123.2/32 via 172.16.123.2, Tunnel0 created 00:05:57, expire >>> 00:05:58 >>> Type: dynamic, Flags: unique registered used >>> NBMA address: 10.1.1.2 >>> 172.16.123.3/32 via 172.16.123.3, Tunnel0 created 00:05:59, expire >>> 00:05:45 >>> Type: dynamic, Flags: unique registered used >>> NBMA address: 10.1.1.3 >>> R1# >>> >>> >>> >>> R1#Show IP eigrp interfaces >>> >>> IP-EIGRP interfaces for process 123 >>> Xmit Queue Mean Pacing Time Multicast >>> Pending >>> Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer >>> Routes >>> Lo0 0 0/0 0 0/1 >>> 0 0 >>> Tu0 0 0/0 0 71/2524 >>> 50 0 >>> R1# >>> >>> >>> >>> R1#SH IP INT BRIEF >>> Interface IP-Address OK? Method >>> Status Protocol >>> FastEthernet0/0 10.1.1.1 YES manual >>> up up >>> FastEthernet0/1 unassigned YES unset administratively >>> down down >>> Loopback0 192.168.1.1 YES manual >>> up up >>> Tunnel0 172.16.123.1 YES manual >>> up up >>> R1# >>> >>> >>> >>> >>> R1#sh crypto ipsec profile DMVPN >>> IPSEC profile DMVPN >>> Security association lifetime: 4608000 kilobytes/3600 seconds >>> PFS (Y/N): N >>> Transform sets={ >>> TSET, >>> } >>> >>> >>> >>> crypto isakmp policy 10 >>> authentication pre-share >>> group 2 >>> crypto isakmp key CISCO address 0.0.0.0 0.0.0.0 >>> ! >>> ! >>> crypto ipsec transform-set TSET esp-aes esp-sha-hmac >>> mode transport >>> ! >>> crypto ipsec profile DMVPN >>> set transform-set TSET >>> ! >>> ! >>> interface Loopback0 >>> ip address 192.168.2.2 255.255.255.0 >>> ! >>> interface Tunnel0 >>> ip address 172.16.123.2 255.255.255.0 >>> no ip redirects >>> ip mtu 1400 >>> ip nhrp authentication cisco >>> ip nhrp map 172.16.123.1 10.1.1.1 >>> ip nhrp network-id 123 >>> ip nhrp holdtime 360 >>> ip nhrp nhs 172.16.123.1 >>> ip nhrp cache non-authoritative >>> ip nhrp shortcut >>> tunnel source FastEthernet0/0 >>> tunnel mode gre multipoint >>> tunnel key 123 >>> tunnel protection ipsec profile DMVPN >>> ! >>> interface FastEthernet0/0 >>> ip address 10.1.1.2 255.255.255.0 >>> duplex auto >>> speed auto >>> ! >>> interface FastEthernet0/1 >>> no ip address >>> shutdown >>> duplex auto >>> speed auto >>> ! >>> router eigrp 123 >>> network 172.16.0.0 >>> network 192.168.2.0 >>> no auto-summary >>> ! >>> router ospf 123 >>> log-adjacency-changes >>> network 10.1.1.2 0.0.0.0 area 0 >>> ! >>> ! >>> >>> >>> OUTPUTS: >>> ======== >>> R2#sh ip int brief >>> Interface IP-Address OK? Method >>> Status Protocol >>> FastEthernet0/0 10.1.1.2 YES manual >>> up up >>> FastEthernet0/1 unassigned YES unset administratively >>> down down >>> Loopback0 192.168.2.2 YES manual >>> up up >>> Tunnel0 172.16.123.2 YES manual >>> up up >>> >>> >>> >>> R2#sh ip ro >>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP >>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area >>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 >>> E1 - OSPF external type 1, E2 - OSPF external type 2 >>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS >>> level-2 >>> ia - IS-IS inter area, * - candidate default, U - per-user static >>> route >>> o - ODR, P - periodic downloaded static route >>> >>> Gateway of last resort is not set >>> >>> 172.16.0.0/24 is subnetted, 1 subnets >>> C 172.16.123.0 is directly connected, Tunnel0 >>> 10.0.0.0/24 is subnetted, 1 subnets >>> C 10.1.1.0 is directly connected, FastEthernet0/0 >>> C 192.168.2.0/24 is directly connected, Loopback0 >>> R2# >>> >>> >>> >>> R2#sh ip eigrp neighbors >>> IP-EIGRP neighbors for process 123 >>> H Address Interface Hold Uptime SRTT RTO Q >>> Seq >>> (sec) (ms) Cnt >>> Num >>> 0 172.16.123.1 Tu0 13 00:00:57 1 5000 2 >>> 0 >>> R2# >>> >>> >>> >>> >>> R2#sh ip eigrp interfaces >>> IP-EIGRP interfaces for process 123 >>> >>> Xmit Queue Mean Pacing Time Multicast >>> Pending >>> Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer >>> Routes >>> Lo0 0 0/0 0 0/1 >>> 0 0 >>> Tu0 1 0/0 0 71/2524 >>> 50 0 >>> R2# >>> >>> R2#sh ip nhrp >>> 172.16.123.1/32 via 172.16.123.1, Tunnel0 created 00:11:12, never expire >>> Type: static, Flags: used >>> NBMA address: 10.1.1.1 >>> R2# >>> >>> >>> R2#sh cry ipsec profile DMVPN >>> IPSEC profile DMVPN >>> Security association lifetime: 4608000 kilobytes/3600 seconds >>> PFS (Y/N): N >>> Transform sets={ >>> TSET, >>> } >>> >>> R2# >>> >>> >>> R3 CONFIG: >>> ========== >>> >>> crypto isakmp policy 10 >>> authentication pre-share >>> group 2 >>> crypto isakmp key CISCO address 0.0.0.0 0.0.0.0 >>> ! >>> ! >>> crypto ipsec transform-set TSET esp-aes esp-sha-hmac >>> mode transport >>> ! >>> crypto ipsec profile DMVPN >>> set transform-set TSET >>> ! >>> ! >>> interface Loopback0 >>> ip address 192.168.3.3 255.255.255.0 >>> ! >>> interface Tunnel0 >>> ip address 172.16.123.3 255.255.255.0 >>> no ip redirects >>> ip mtu 1400 >>> ip nhrp authentication cisco >>> ip nhrp map 172.16.123.1 10.1.1.1 >>> ip nhrp network-id 123 >>> ip nhrp holdtime 360 >>> ip nhrp nhs 172.16.123.1 >>> ip nhrp cache non-authoritative >>> ip nhrp shortcut >>> tunnel source FastEthernet0/0 >>> tunnel mode gre multipoint >>> tunnel key 123 >>> tunnel protection ipsec profile DMVPN >>> ! >>> interface FastEthernet0/0 >>> ip address 10.1.1.3 255.255.255.0 >>> duplex auto >>> speed auto >>> ! >>> interface FastEthernet0/1 >>> no ip address >>> shutdown >>> duplex auto >>> speed auto >>> ! >>> router eigrp 123 >>> network 172.16.0.0 >>> network 192.168.3.0 >>> no auto-summary >>> ! >>> router ospf 1 >>> log-adjacency-changes >>> ! >>> router ospf 123 >>> log-adjacency-changes >>> network 10.1.1.3 0.0.0.0 area 0 >>> ! >>> ! >>> ! >>> >>> >>> OUTPUTS: >>> ================ >>> >>> R3#sh ip ro >>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP >>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area >>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 >>> E1 - OSPF external type 1, E2 - OSPF external type 2 >>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS >>> level-2 >>> ia - IS-IS inter area, * - candidate default, U - per-user static >>> route >>> o - ODR, P - periodic downloaded static route >>> >>> Gateway of last resort is not set >>> >>> 172.16.0.0/24 is subnetted, 1 subnets >>> C 172.16.123.0 is directly connected, Tunnel0 >>> 10.0.0.0/24 is subnetted, 1 subnets >>> C 10.1.1.0 is directly connected, FastEthernet0/0 >>> C 192.168.3.0/24 is directly connected, Loopback0 >>> R3# >>> >>> >>> >>> >>> R3#SH IP EIgrp interfaces >>> IP-EIGRP interfaces for process 123 >>> >>> Xmit Queue Mean Pacing Time Multicast >>> Pending >>> Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer >>> Routes >>> Lo0 0 0/0 0 0/1 >>> 0 0 >>> Tu0 1 0/0 0 71/2524 >>> 50 0 >>> R3# >>> >>> >>> R3#sh ip nhrp >>> 172.16.123.1/32 via 172.16.123.1, Tunnel0 created 00:21:04, never expire >>> Type: static, Flags: used >>> NBMA address: 10.1.1.1 >>> >>> >>> >>> R3#sh crypto ipsec pro DMVPN >>> IPSEC profile DMVPN >>> Security association lifetime: 4608000 kilobytes/3600 seconds >>> PFS (Y/N): N >>> Transform sets={ >>> TSET, >>> } >>> >>> R3# >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
