From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Thu Jan 10 2008 - 17:57:54 ARST
Hello Steven
You could try these (in no specific order):
i) GRE Keep Alives (interface tunnel x >> keepalive n)
ii) Increasing the NHRP hold-time (if there is no restriction on the exam)
iii) IKE Dead Peer Detection (DPD) (crypto isakmp keepalive)
Let me know how it goes if you succeed with any of these solutions.
Regards
Farrukh
On Jan 10, 2008 9:31 PM, xiongxiaogang <xiongxg@msn.com> wrote:
> Hi,
> I configured DMVPN between one hub and two spokes. The spoke-to-spoke and
> spoke-to-hub tunnels both work, but I found a weird problem: if I only
> ping from one spoke to the other spoke, it works normally, but if I
> meanwhile also ping from a spoke to the hub, the tunnel comes up normally
> but cannot stay up; it goes down when ip nhrp expires. Worse, the EIGRP
> neighbor between hub and spoke is affected by the disconnected tunnel:
> when ip nhrp expires, the EIGRP neighbor between hub and spoke goes down
> with the error message "*Jan 5 17:32:02.743:
> %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip)
> vrf/dest_addr= /105.1.2.5, src_addr= 105.1.50.2, prot= 47..."
> When the EIGRP neighbor is down, even pinging from spoke to hub cannot
> bring the tunnel up, so I have to go to the spoke and shut/no shut the
> tunnel interface to resolve it. But I do not think it is a good solution:
> in the real world, you cannot always have the router administrator log in
> to the spoke router and shut/no shut the tunnel interface to let the
> traffic between spokes and hub go through. And in the lab exam, the
> proctor may see the error message if he has ever pinged from spoke to hub;
> provided you set the ip nhrp holdtime to 300 seconds, it is expected that
> the proctor will see the error message after 5 minutes and he will know
> the EIGRP neighbor is down.
>
> So I wonder whether the solution could be improved somewhere. I have read
> a lot of DMVPN documents, including the long thread discussing DMVPN in the
> forum, but I have no idea now. I am wondering who can shed some light on it;
> I would very much appreciate it.
>
> Regards
> Steven
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST