Jump to content
Sign in to follow this  
steve1403

DMVPN tunnel not coming up with Cypto encryption

Recommended Posts

Hi All,

I am facing a problem where tunnel not coming up with tunnel protection along with tunnel vrf. without "tunnel protection" command the tunnel is getting up and eigrp neighborship is established. I am not sure if any command is missing. Below is the Configuration

 

R17

 

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

crypto isakmp key CCIE address 0.0.0.0

!

!

crypto ipsec transform-set CCIEXFORM esp-aes

mode transport

!

crypto ipsec profile DMVPNPROFILE

set transform-set CCIEXFORM

 

 

interface Tunnel0

bandwidth 1000

ip address 123.20.1.25 255.255.255.248

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 45678

ip nhrp authentication 45678

ip nhrp map multicast dynamic

ip nhrp network-id 45678

ip nhrp holdtime 300

ip nhrp redirect

ip tcp adjust-mss 1380

delay 1000

tunnel source Ethernet0/0

tunnel mode gre multipoint

tunnel vrf LOCALSP

tunnel protection ipsec profile DMVPNPROFILE

 

 

 

 

 

R18

 

 

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

crypto isakmp key CCIE address 0.0.0.0

!

!

crypto ipsec transform-set CCIEXFORM esp-aes

mode transport

!

crypto ipsec profile DMVPNPROFILE

set transform-set CCIEXFORM

 

 

 

interface Tunnel0

bandwidth 1000

ip address 123.20.1.26 255.255.255.248

no ip redirects

ip mtu 1400

ip nhrp authentication 45678

ip nhrp map multicast 203.3.17.2

ip nhrp map 123.20.1.25 203.3.17.2

ip nhrp network-id 45678

ip nhrp holdtime 300

ip nhrp nhs 123.20.1.25

ip nhrp shortcut

ip tcp adjust-mss 1380

delay 1000

tunnel source Serial1/0

tunnel mode gre multipoint

tunnel vrf LOCALSP

tunnel protection ipsec profile DMVPNPROFILE

Share this post


Link to post
Share on other sites

Try:

crypto keyring KR_DMVPN vrf LOCALSP

pre-shared-key address 0.0.0.0 key CCIE

 

instead of:

crypto isakmp key CCIE address 0.0.0.0

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...