My question further is, "Is it compulsory that the tunnel key and network id should match? Should they be the same number?"
Is it locally significant, or must all hub and spokes harmonize the network id and tunnel-key numbers all together as a family?

On Sat, Jan 22, 2011 at 9:22 AM, Mark Senteza <[email protected]> wrote:

> On the spoke routers' tunnel interface add:
>
> ip nhrp multicast 10.1.1.1
>
> On Fri, Jan 21, 2011 at 8:29 PM, kamran shakil <[email protected]> wrote:
>
>> Dears,
>> I am stuck with the troubleshooting, need help on this one ~
>>
>> I practiced a small setup of 3 routers using the same subnet to connect
>> each other via a L2 switch. I did this lab in GNS3 with 12.4(15)T IOS. If I
>> remove the crypto commands and tunnel protection, everything seems ok and works
>> fine, BUT once the crypto commands and tunnel protection are added,
>> it stopped working and no routes were showing in the table!!!
>>
>> I was trying Phase 2 configuration of DMVPN ~
>>
>>
>> Here is the config:
>> ==============
>> crypto isakmp policy 10
>>  authentication pre-share
>>  group 2
>> crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
>> !
>> !
>> crypto ipsec transform-set TSET esp-aes esp-sha-hmac
>>  mode transport
>> !
>> crypto ipsec profile DMVPN
>>  set transform-set TSET
>> !
>> !
>>
>> interface Loopback0
>>  ip address 192.168.1.1 255.255.255.0
>> !
>> interface Tunnel0
>>  ip address 172.16.123.1 255.255.255.0
>>  no ip redirects
>>  ip mtu 1400
>>  no ip next-hop-self eigrp 123
>>  ip nhrp authentication cisco
>>  ip nhrp map multicast dynamic
>>  ip nhrp network-id 123
>>  ip nhrp cache non-authoritative
>>  ip nhrp redirect
>>  no ip split-horizon eigrp 123
>>  tunnel source FastEthernet0/0
>>  tunnel mode gre multipoint
>>  tunnel key 123
>>  tunnel protection ipsec profile DMVPN
>> !
>> interface FastEthernet0/0
>>  ip address 10.1.1.1 255.255.255.0
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet0/1
>>  no ip address
>>  shutdown
>>  duplex auto
>>  speed auto
>> !
>> router eigrp 123
>>  network 172.16.0.0
>>  network 192.168.1.0
>>  no auto-summary
>> !
>> router ospf 123
>>  log-adjacency-changes
>>  network 10.1.1.1 0.0.0.0 area 0
>> !
>> !
>> !
>>
>>
>> OUTPUTS:-
>> ===========
>>
>> R1#sh ip ro
>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>>        E1 - OSPF external type 1, E2 - OSPF external type 2
>>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>>        o - ODR, P - periodic downloaded static route
>>
>> Gateway of last resort is not set
>>
>>      172.16.0.0/24 is subnetted, 1 subnets
>> C       172.16.123.0 is directly connected, Tunnel0
>>      10.0.0.0/24 is subnetted, 1 subnets
>> C       10.1.1.0 is directly connected, FastEthernet0/0
>> C    192.168.1.0/24 is directly connected, Loopback0
>> R1#
>>
>>
>> R1#SHOW IP NHRP
>> 172.16.123.2/32 via 172.16.123.2, Tunnel0 created 00:05:57, expire 00:05:58
>>   Type: dynamic, Flags: unique registered used
>>   NBMA address: 10.1.1.2
>> 172.16.123.3/32 via 172.16.123.3, Tunnel0 created 00:05:59, expire 00:05:45
>>   Type: dynamic, Flags: unique registered used
>>   NBMA address: 10.1.1.3
>> R1#
>>
>>
>> R1#Show IP eigrp interfaces
>>
>> IP-EIGRP interfaces for process 123
>>                         Xmit Queue   Mean   Pacing Time   Multicast    Pending
>> Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
>> Lo0                0        0/0         0       0/1            0           0
>> Tu0                0        0/0         0      71/2524        50           0
>> R1#
>>
>>
>> R1#SH IP INT BRIEF
>> Interface                  IP-Address      OK? Method Status                Protocol
>> FastEthernet0/0            10.1.1.1        YES manual up                    up
>> FastEthernet0/1            unassigned      YES unset  administratively down down
>> Loopback0                  192.168.1.1     YES manual up                    up
>> Tunnel0                    172.16.123.1    YES manual up                    up
>> R1#
>>
>>
>> R1#sh crypto ipsec profile DMVPN
>> IPSEC profile DMVPN
>>         Security association lifetime: 4608000 kilobytes/3600 seconds
>>         PFS (Y/N): N
>>         Transform sets={
>>                 TSET,
>>         }
>>
>>
>> crypto isakmp policy 10
>>  authentication pre-share
>>  group 2
>> crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
>> !
>> !
>> crypto ipsec transform-set TSET esp-aes esp-sha-hmac
>>  mode transport
>> !
>> crypto ipsec profile DMVPN
>>  set transform-set TSET
>> !
>> !
>> interface Loopback0
>>  ip address 192.168.2.2 255.255.255.0
>> !
>> interface Tunnel0
>>  ip address 172.16.123.2 255.255.255.0
>>  no ip redirects
>>  ip mtu 1400
>>  ip nhrp authentication cisco
>>  ip nhrp map 172.16.123.1 10.1.1.1
>>  ip nhrp network-id 123
>>  ip nhrp holdtime 360
>>  ip nhrp nhs 172.16.123.1
>>  ip nhrp cache non-authoritative
>>  ip nhrp shortcut
>>  tunnel source FastEthernet0/0
>>  tunnel mode gre multipoint
>>  tunnel key 123
>>  tunnel protection ipsec profile DMVPN
>> !
>> interface FastEthernet0/0
>>  ip address 10.1.1.2 255.255.255.0
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet0/1
>>  no ip address
>>  shutdown
>>  duplex auto
>>  speed auto
>> !
>> router eigrp 123
>>  network 172.16.0.0
>>  network 192.168.2.0
>>  no auto-summary
>> !
>> router ospf 123
>>  log-adjacency-changes
>>  network 10.1.1.2 0.0.0.0 area 0
>> !
>> !
>>
>>
>> OUTPUTS:
>> ========
>> R2#sh ip int brief
>> Interface                  IP-Address      OK? Method Status                Protocol
>> FastEthernet0/0            10.1.1.2        YES manual up                    up
>> FastEthernet0/1            unassigned      YES unset  administratively down down
>> Loopback0                  192.168.2.2     YES manual up                    up
>> Tunnel0                    172.16.123.2    YES manual up                    up
>>
>>
>> R2#sh ip ro
>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>>        E1 - OSPF external type 1, E2 - OSPF external type 2
>>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>>        o - ODR, P - periodic downloaded static route
>>
>> Gateway of last resort is not set
>>
>>      172.16.0.0/24 is subnetted, 1 subnets
>> C       172.16.123.0 is directly connected, Tunnel0
>>      10.0.0.0/24 is subnetted, 1 subnets
>> C       10.1.1.0 is directly connected, FastEthernet0/0
>> C    192.168.2.0/24 is directly connected, Loopback0
>> R2#
>>
>>
>> R2#sh ip eigrp neighbors
>> IP-EIGRP neighbors for process 123
>> H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
>>                                             (sec)         (ms)       Cnt Num
>> 0   172.16.123.1            Tu0               13 00:00:57    1  5000  2  0
>> R2#
>>
>>
>> R2#sh ip eigrp interfaces
>> IP-EIGRP interfaces for process 123
>>
>>                         Xmit Queue   Mean   Pacing Time   Multicast    Pending
>> Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
>> Lo0                0        0/0         0       0/1            0           0
>> Tu0                1        0/0         0      71/2524        50           0
>> R2#
>>
>> R2#sh ip nhrp
>> 172.16.123.1/32 via 172.16.123.1, Tunnel0 created 00:11:12, never expire
>>   Type: static, Flags: used
>>   NBMA address: 10.1.1.1
>> R2#
>>
>>
>> R2#sh cry ipsec profile DMVPN
>> IPSEC profile DMVPN
>>         Security association lifetime: 4608000 kilobytes/3600 seconds
>>         PFS (Y/N): N
>>         Transform sets={
>>                 TSET,
>>         }
>>
>> R2#
>>
>>
>> R3 CONFIG:
>> ==========
>>
>> crypto isakmp policy 10
>>  authentication pre-share
>>  group 2
>> crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
>> !
>> !
>> crypto ipsec transform-set TSET esp-aes esp-sha-hmac
>>  mode transport
>> !
>> crypto ipsec profile DMVPN
>>  set transform-set TSET
>> !
>> !
>> interface Loopback0
>>  ip address 192.168.3.3 255.255.255.0
>> !
>> interface Tunnel0
>>  ip address 172.16.123.3 255.255.255.0
>>  no ip redirects
>>  ip mtu 1400
>>  ip nhrp authentication cisco
>>  ip nhrp map 172.16.123.1 10.1.1.1
>>  ip nhrp network-id 123
>>  ip nhrp holdtime 360
>>  ip nhrp nhs 172.16.123.1
>>  ip nhrp cache non-authoritative
>>  ip nhrp shortcut
>>  tunnel source FastEthernet0/0
>>  tunnel mode gre multipoint
>>  tunnel key 123
>>  tunnel protection ipsec profile DMVPN
>> !
>> interface FastEthernet0/0
>>  ip address 10.1.1.3 255.255.255.0
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet0/1
>>  no ip address
>>  shutdown
>>  duplex auto
>>  speed auto
>> !
>> router eigrp 123
>>  network 172.16.0.0
>>  network 192.168.3.0
>>  no auto-summary
>> !
>> router ospf 1
>>  log-adjacency-changes
>> !
>> router ospf 123
>>  log-adjacency-changes
>>  network 10.1.1.3 0.0.0.0 area 0
>> !
>> !
>> !
>>
>>
>> OUTPUTS:
>> ================
>>
>> R3#sh ip ro
>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>>        E1 - OSPF external type 1, E2 - OSPF external type 2
>>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>>        o - ODR, P - periodic downloaded static route
>>
>> Gateway of last resort is not set
>>
>>      172.16.0.0/24 is subnetted, 1 subnets
>> C       172.16.123.0 is directly connected, Tunnel0
>>      10.0.0.0/24 is subnetted, 1 subnets
>> C       10.1.1.0 is directly connected, FastEthernet0/0
>> C    192.168.3.0/24 is directly connected, Loopback0
>> R3#
>>
>>
>> R3#SH IP EIgrp interfaces
>> IP-EIGRP interfaces for process 123
>>
>>                         Xmit Queue   Mean   Pacing Time   Multicast    Pending
>> Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
>> Lo0                0        0/0         0       0/1            0           0
>> Tu0                1        0/0         0      71/2524        50           0
>> R3#
>>
>>
>> R3#sh ip nhrp
>> 172.16.123.1/32 via 172.16.123.1, Tunnel0 created 00:21:04, never expire
>>   Type: static, Flags: used
>>   NBMA address: 10.1.1.1
>>
>>
>> R3#sh crypto ipsec pro DMVPN
>> IPSEC profile DMVPN
>>         Security association lifetime: 4608000 kilobytes/3600 seconds
>>         PFS (Y/N): N
>>         Transform sets={
>>                 TSET,
>>         }
>>
>> R3#
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
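A consistency check for the tunnel settings discussed in this thread, as an added example that is not part of any poster's message. It assumes standard IOS behaviour: the GRE tunnel key is carried in the packet header and has to agree between peers, the NHRP network-id is locally significant, and the spoke-side multicast mapping is written `ip nhrp map multicast <hub NBMA address>`. The function names `parse_tunnel` and `audit` are hypothetical.

```python
import re

# Constructed sample: Tunnel0 lines trimmed from the R1 (hub) and R2 (spoke)
# configs quoted in the thread above.
CONFIGS = {
    "R1": "interface Tunnel0\n ip nhrp map multicast dynamic\n"
          " ip nhrp network-id 123\n tunnel key 123\n",
    "R2": "interface Tunnel0\n ip nhrp map 172.16.123.1 10.1.1.1\n"
          " ip nhrp network-id 123\n ip nhrp nhs 172.16.123.1\n tunnel key 123\n",
}

def parse_tunnel(cfg):
    """Collect the NHRP/GRE settings found in one tunnel interface stanza."""
    t = {"key": None, "network_id": None, "nhs": [], "mcast": set(), "map": {}}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"tunnel key (\d+)", line):
            t["key"] = int(m[1])
        elif m := re.fullmatch(r"ip nhrp network-id (\d+)", line):
            t["network_id"] = int(m[1])
        elif m := re.fullmatch(r"ip nhrp nhs (\S+)", line):
            t["nhs"].append(m[1])
        elif m := re.fullmatch(r"ip nhrp map multicast (\S+)", line):  # before plain map
            t["mcast"].add(m[1])
        elif m := re.fullmatch(r"ip nhrp map (\S+) (\S+)", line):
            t["map"][m[1]] = m[2]
    return t

def audit(configs):
    """Return (severity, router, message) findings for a set of DMVPN peers."""
    peers = {r: parse_tunnel(c) for r, c in configs.items()}
    out = []
    if len({p["key"] for p in peers.values()}) > 1:
        out.append(("error", "*", "tunnel key differs between peers (carried in the GRE header)"))
    if len({p["network_id"] for p in peers.values()}) > 1:
        out.append(("info", "*", "network-id differs (locally significant, not an error)"))
    for r, p in peers.items():
        for nhs in p["nhs"]:
            nbma = p["map"].get(nhs)  # NBMA address the spoke maps its NHS to
            if nbma is None:
                out.append(("error", r, f"NHS {nhs} has no static NHRP map"))
            elif nbma not in p["mcast"]:
                out.append(("warn", r, f"missing: ip nhrp map multicast {nbma}"))
    return out

if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(*finding)
```
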
