RIP, EIGRP, OSPF, IS-IS, BGP, MPLS, VTP, STP.
krock83
New Member
Posts:
24
Joined:
Fri May 04, 2012 11:05 am
Certs:
CCNA

Routing tunnels

Fri May 11, 2012 12:32 pm

Hello

We are in the process of replacing some very old routers in one of our data centers, and I am running into issues with the new tunnel configs. We are replacing our two core routers that are currently routing our tunnels, Tunnel0 - Primary and Tunnel1 - secondary. On all of our remote sites we currently have both of those tunnels up and can see them in the EIGRP neighbor table. The two new ASR devices we pre-configured the same exact way, just named the tunnels 900 and 901 (901 being the secondary tunnel). I have also pre-configured the new tunnels on all of our remote sites. Now when I do sh ip eigrp neig I see that I have tu0, 1, and 900 as neighbors, but I don't see the 901 backup tunnels in the neighboring table. The configurations are identical to the old pair; the only thing that has changed is the tunnel IPs and tunnel name.

NEW BACKUP ROUTER
crypto isakmp policy 5
 encr aes 256
 group 2
crypto isakmp keepalive 10 3
!
!
crypto ipsec transform-set trans1 esp-aes 256 esp-sha-hmac
 mode transport require
no crypto ipsec nat-transparency udp-encapsulation
!
crypto ipsec profile vpnprof
 set transform-set trans1

interface Tunnel901
 description DMVPN_SECONDARY
 bandwidth 1000
 ip address 192.168.24.1 255.255.252.0
 no ip redirects
 ip mtu 1416
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 password
 ip bandwidth-percent eigrp 100 1000
 no ip split-horizon eigrp 100
 ip flow ingress
 ip flow egress
 ip nhrp authentication Turn901
 ip nhrp map multicast dynamic
 ip nhrp network-id 100901
 ip nhrp holdtime 360
 ip nhrp max-send 1000 every 10
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 100901
 tunnel protection ipsec profile vpnprof

router eigrp 100
 network 172.XX.XX.0 0.0.0.255
 network 192.168.24.0 0.0.3.255
 offset-list 99 out 1000 GigabitEthernet0/0/0
 passive-interface default
 no passive-interface Tunnel901
 no passive-interface GigabitEthernet0/0/0
 eigrp router-id 172.xx.xx.xx


Here is what I have on the remote sites for that tunnel:

int Tunnel901
 description DMVPN Secondary Tunnel
 bandwidth 1000
 ip address 192.168.24.42 255.255.252.0
 no ip redirects
 ip mtu 1416
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 password
 ip flow ingress
 ip flow egress
 ip nhrp authentication Turn901
 ip nhrp map multicast 63.xx.xx.xx
 ip nhrp map 192.168.24.1 63.xx.xx.xx
 ip nhrp network-id 100901
 ip nhrp holdtime 360
 ip nhrp nhs 192.168.24.1
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 delay 4000
 tunnel source Loopback1
 tunnel mode gre multipoint
 tunnel key 100901
 tunnel protection ipsec profile vpnprof

EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
2   192.168.20.1            Tu900             12 3d03h      47   282  0  4689
0   192.168.15.1            Tu0               85 1w1d      146   876  0  1297066
1   192.168.16.1            Tu1               14 4w2d       88   528  0  542386


I should be able to see tu901 on the neighbor list, but I am not. Does anyone here know what the problem might be?

Thank you

justa2e2
New Member
Posts:
13
Joined:
Sat Apr 14, 2012 8:21 pm
Certs:
CCNA, Security +

Re: Routing tunnels

Fri May 11, 2012 12:58 pm

I've only used GRE tunnels so I may be off here, but do you need a tunnel destination?


davidrothera
Ultimate Member
Posts:
992
Joined:
Thu Jan 13, 2011 5:10 pm
Certs:
CCIE R&S #38338, CCNP, CCIP

Re: Routing tunnels

Fri May 11, 2012 1:09 pm

Before worrying about EIGRP neighbourships, can you ping from end to end on the tunnel?
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera

krock83
New Member
Posts:
24
Joined:
Fri May 04, 2012 11:05 am
Certs:
CCNA

Re: Routing tunnels

Fri May 11, 2012 1:50 pm

Yes, I can ping from any site TU901 without any issues.

ristau5741
Post Whore
Posts:
10491
Joined:
Tue Aug 21, 2007 2:15 pm
Certs:
Instanity

Re: Routing tunnels

Fri May 11, 2012 2:32 pm

Can you shut/no shut tunnel 901?
Tips of the day:
- The human mind is the ultimate creation invention.
- I have so many customers, my customers have customers.
- Sausage time
- POP, stack, and store

krock83
New Member
Posts:
24
Joined:
Fri May 04, 2012 11:05 am
Certs:
CCNA

Re: Routing tunnels

Fri May 11, 2012 2:40 pm

Yes, when I do that nothing happens.
The only thing I see is that it is administratively down when I shut it down and comes back up when I do no shut, but I see no EIGRP adjacencies.

davidrothera
Ultimate Member
Posts:
992
Joined:
Thu Jan 13, 2011 5:10 pm
Certs:
CCIE R&S #38338, CCNP, CCIP

Routing tunnels

Fri May 11, 2012 4:09 pm

If you debug EIGRP packets do you see the hellos going down the Tu901 interface?

Does Tun901 show in a 'show ip EIGRP interfaces'?


---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera
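
An offline version of the checks the last questions point at, as an added example that is not part of any post in the thread: it compares the settings that must agree on both ends of Tunnel901 and evaluates whether EIGRP would run on the interface at all, which is what `show ip eigrp interfaces` reports. The function names are hypothetical, and the code assumes one tunnel interface and one EIGRP process per config text, with network statements that carry wildcard masks.

```python
import ipaddress
import re

# Constructed input: lines copied from the thread's hub and spoke Tunnel901 configs.
# The spoke's "router eigrp" stanza is not in the thread, so none is included here.
HUB = """interface Tunnel901
 ip address 192.168.24.1 255.255.252.0
 ip authentication mode eigrp 100 md5
 ip nhrp authentication Turn901
 ip nhrp network-id 100901
 tunnel key 100901
router eigrp 100
 network 192.168.24.0 0.0.3.255
 passive-interface default
 no passive-interface Tunnel901
"""
SPOKE = """interface Tunnel901
 ip address 192.168.24.42 255.255.252.0
 ip authentication mode eigrp 100 md5
 ip nhrp authentication Turn901
 ip nhrp network-id 100901
 tunnel key 100901
"""
MUST_MATCH = ("ip authentication mode eigrp", "ip nhrp authentication",
              "ip nhrp network-id", "tunnel key")

def tunnel_ip(cfg):
    m = re.search(r"^\s*ip address (\S+) (\S+)", cfg, re.M)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")

def mismatches(hub, spoke):
    """Settings that must be identical on both tunnel ends but differ."""
    def params(cfg):
        lines = [l.strip() for l in cfg.splitlines()]
        return {k: l[len(k):].strip() for l in lines for k in MUST_MATCH
                if l.startswith(k + " ")}
    h, s = params(hub), params(spoke)
    bad = [k for k in MUST_MATCH if h.get(k) != s.get(k)]
    if tunnel_ip(hub).network != tunnel_ip(spoke).network:
        bad.append("ip address (different subnets)")
    return bad

def eigrp_runs_on(cfg, ifname):
    """True if a network statement covers the interface and it is not passive."""
    addr = int(tunnel_ip(cfg).ip)
    covered = False
    for net, wild in re.findall(r"^\s*network (\S+) (\S+)", cfg, re.M):
        care = ~int(ipaddress.ip_address(wild)) & 0xFFFFFFFF  # wildcard 0-bits must match
        covered |= (addr & care) == (int(ipaddress.ip_address(net)) & care)
    lines = [l.strip() for l in cfg.splitlines()]
    passive = f"passive-interface {ifname}" in lines or (
        "passive-interface default" in lines
        and f"no passive-interface {ifname}" not in lines)
    return covered and not passive
```

On the posted lines the tunnel parameters agree and the hub side enables EIGRP on Tunnel901; the spoke text returns False only because its `router eigrp 100` stanza is not shown in the thread, so that is the part still to be checked on the device.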
