The “show crypto isakmp sa” command displays all current Internet Key Exchange (IKE) security associations (SAs) at a peer. NHRP can only work properly with operating GRE tunnels. GRE tunnels are the first thing we have to configure to create a DMVPN network so we should start troubleshooting from there. Unlike classic GRE tunnels, the tunnel destination for a mGRE tunnel does not have to be configured and all tunnels on Spokes connecting to mGRE interface of the Hub can use the same subnet. One mGRE can handle multiple GRE tunnels at the other ends.
Otherwise we have to create many tunnel interfaces, each can only communicate to one site.Īn mGRE tunnel inherits the concept of a classic GRE tunnel but an mGRE tunnel does not require a unique tunnel interface for each connection between Hub and spoke like traditional GRE. To allow communication to multiple sites using only one tunnel interface, we need to configure that tunnel in “multipoint” mode.
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP…) (optional)įor more information about DMVPN, please read our DMVPN tutorial.
In order to resolve this problem, make sure the neighborship between the routers is always up.ĭMVPN is not a protocol, it is the combination of the following technologies: When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship formation between routers may cause the DMVPN tunnel to flap. The “authoritative” flag means that the NHRP information was obtained from the Next Hop Server (NHS). Type “static” means NBMA address is statically configured.
Type “dynamic” means NBMA address was obtained from NHRP Request packet. Note: If you are not sure about DMVPN, please read our DMVPN tutorial first.įrom the output we learn that the logical address 10.2.1.2 is mapped to the NBMA address 10.12.1.2.
0 kommentar(er)
