Al
Guest
|
 Posted: Thu Jan 24, 2008 10:44 am Post subject: DMVPN crypto map disappearing? |
 |
|
Hi all,
We have implemented a small DMVPN network (1 hub + 3 spokes, going to
get bigger) using 877s at all sites (not my choice of platform, what
the customer would pay for). It seemed to be working fine, but
occasionally a couple of the spokes drop out completely & don't come
back. Looking into it, I found that if I do a 'sh crypto map', there
is no output from the spokes that are down, as opposed to the usual
"Tunnel0-head-0" output. One way of restoring connectivity is to do:
!
conf t
int t0
no tunnel protection ...
tunnel protection ...
!
I presume that reloading the router might have the same effect, but
have been unable to test this yet as the routers are still in use &
running over the backup circuits.
The only difference I can see between the sites that stay up & the
ones which go down is that the ones with problems also have a
statically defined IPSec VPN to another site. i.e. the mGRE tunnel has
IPSec protection configured, with a source of Dialer0, and Dialer0
also has a crypto map applied to it for connectivity to a site that is
not yet on the DMVPN network.
I don't want to go into detailed config yet, but it is exaclty as I
have found documented on cisco.com & other sites, jsut with a
'traditional' vpn configured as well.
My question to the group is - has anyone else encountered this problem
& do they have any suggestions for a work around?
(while we could reconfigure network to use ezvpn/static vpn tunnels,
we want to try to get the DMVPN working properly!) |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Private messages
Log in
