I cannot get your topology, but anyway in DMVPN Phase 2 the spoke will always send some initial packets through the hub and then tries to set up direct spoke-to-spoke tunnel. If this is not possible the traffic will go thru the hub all the time.
Regards, Piotr 2012/3/31 Mike Rojas <[email protected]> > Hello All, > > So this is something fun, check this out: > > Router 1 (Hub) 172.1.0.1 > | > 172.1.0.2 | > Router2 (Spoke ASA > | > | > IPS > | > Router6 > 172.1.0.4 | > Router4(Spoke) | > > So I was playing around and said, hey in Phase 2, it requires the spokes > to create on demand tunnels without having to pass across the hub right, > so, I am going to play mean and wont let the ASA to pass that traffic. > Then, I tried to ping from Router 2 to the protected network on Router 4 it > worked..... I was like .... well, this is a bitter disappointment, however, > it did try to build the tunnel, it didnt care, but instead I am assuming > that it went to the hub and relay the traffic there. Here are the outputs: > > Router2 > > 44.0.0.0/24 is subnetted, 1 subnets > D 44.44.44.0 [90/28288000] via 172.1.0.4, 00:01:40, Tunnel0 > > > IPv4 Crypto ISAKMP SA > dst src state conn-id status > 192.168.3.11 192.168.4.11 QM_IDLE 2002 ACTIVE > 192.168.64.4 192.168.4.11 MM_NO_STATE 0 ACTIVE<--------------- > > It is in case if you guys have any comments or can explain it better, cuz > this clearly kills my theory of how this works... :P > > Cheers, > > Mike > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
