OSPF routing over DMVPN tunnel ...

Discussion in 'Cisco' started by Garry Glendown, Nov 14, 2003.

  1. Hi,

    just ran into another problem ...
    Finally got around to set up a remote router as destination for a backup
    connection through a DSL connection with dynamic IP. Regular GRE tunnel
    won't work of course due to the dynamic ip - anyway, I've had a GRE
    tunnel running with OSPF routing announcements by inserting the dynamic
    IP as tunnel destination - worked fine as long as the IP didn't change.

    Now, I have DMVPN set up, which seems to work so far (that is, I can
    ping the remote side of the tunnel from the router). Anyway, even though
    I have the DMVPN net listed in the "router ospf" part of the config, I
    do not get any announcements ... I've followed the config I found here
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html
    and here
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008019d6f7.shtml
    ....

    Here's part of the config of the hub router:

    interface Tunnel3
    ip address 192.168.63.65 255.255.255.240
    no ip redirects
    ip mtu 1416
    ip nhrp authentication vpn
    ip nhrp map multicast dynamic
    ip nhrp network-id 2001
    no ip route-cache
    ip ospf network broadcast
    no ip mroute-cache
    keepalive 10 3
    tunnel source Ethernet0/0
    tunnel mode gre multipoint
    tunnel key 2001
    tunnel protection ipsec profile mgre_ipsec
    !
    [..]
    router ospf 1
    log-adjacency-changes
    redistribute connected subnets
    redistribute static subnets
    network 192.168.63.64 0.0.0.15 area 0.0.0.0

    Anybody have an idea?

    Tnx, -gg
    Garry Glendown, Nov 14, 2003
    #1
    1. Advertising

  2. Garry Glendown, Nov 14, 2003
    #2
    1. Advertising

  3. Garry Glendown

    Scooby Guest

    Garry,

    I've been running this with EIGRP and it works really well. It seemed
    pretty quirky at first, but once I got everything figured out, it is a cool
    solution. As a side note... I found that if the interface on the remote
    end goes down and then comes back up, the tunnel "appears" to come back up,
    but no data is transferred. Once the lifecycle of the ipsec profile times
    out, then all 'usually' comes back fine. So, I've set the lifetime to a
    lower number.

    Anyway, about your question... Now, I'll admit that I'm pretty weak on
    ospf, but you have your area as 0.0.0.0 in your network statement - that
    doesn't seem right Have you tried running debug on OSPF on both sides to
    see if it is making any announcements and to what interfaces? Do you show
    the other router in your ospf neighbors table.

    Jim


    "Garry Glendown" <> wrote in message
    news:bp3eb4$j5v$...
    > Hi,
    >
    > just ran into another problem ...
    > Finally got around to set up a remote router as destination for a backup
    > connection through a DSL connection with dynamic IP. Regular GRE tunnel
    > won't work of course due to the dynamic ip - anyway, I've had a GRE
    > tunnel running with OSPF routing announcements by inserting the dynamic
    > IP as tunnel destination - worked fine as long as the IP didn't change.
    >
    > Now, I have DMVPN set up, which seems to work so far (that is, I can
    > ping the remote side of the tunnel from the router). Anyway, even though
    > I have the DMVPN net listed in the "router ospf" part of the config, I
    > do not get any announcements ... I've followed the config I found here
    >

    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guid
    e09186a0080110ba1.html
    > and here
    >

    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_examp
    le09186a008019d6f7.shtml
    > ...
    >
    > Here's part of the config of the hub router:
    >
    > interface Tunnel3
    > ip address 192.168.63.65 255.255.255.240
    > no ip redirects
    > ip mtu 1416
    > ip nhrp authentication vpn
    > ip nhrp map multicast dynamic
    > ip nhrp network-id 2001
    > no ip route-cache
    > ip ospf network broadcast
    > no ip mroute-cache
    > keepalive 10 3
    > tunnel source Ethernet0/0
    > tunnel mode gre multipoint
    > tunnel key 2001
    > tunnel protection ipsec profile mgre_ipsec
    > !
    > [..]
    > router ospf 1
    > log-adjacency-changes
    > redistribute connected subnets
    > redistribute static subnets
    > network 192.168.63.64 0.0.0.15 area 0.0.0.0
    >
    > Anybody have an idea?
    >
    > Tnx, -gg
    >
    Scooby, Nov 14, 2003
    #3
  4. Scooby wrote:

    > I've been running this with EIGRP and it works really well. It seemed


    Don't want to have to mix EIGRP and OSPF (which is used for our entire
    internal net including dialup routers) ... anyway, as posted later
    yesterday, OSPF started working shortly after ... no telling why ...

    > end goes down and then comes back up, the tunnel "appears" to come back up,
    > but no data is transferred. Once the lifecycle of the ipsec profile times
    > out, then all 'usually' comes back fine. So, I've set the lifetime to a
    > lower number.


    That might be an explaination ...

    > ospf, but you have your area as 0.0.0.0 in your network statement - that


    .... that's how we have it all over the network ...

    > doesn't seem right Have you tried running debug on OSPF on both sides to
    > see if it is making any announcements and to what interfaces? Do you show


    Yup - didn't see any incoming OSPF announcements at all ... anyway, I
    will be watching this closely for the next couple days ... see what
    happens ...

    Tnx, -garry
    Garry Glendown, Nov 15, 2003
    #4
  5. Garry Glendown

    Scooby Guest

    "Garry Glendown" <> wrote in message
    news:...
    > Scooby wrote:
    >
    > > I've been running this with EIGRP and it works really well. It seemed

    >
    > Don't want to have to mix EIGRP and OSPF (which is used for our entire
    > internal net including dialup routers) ... anyway, as posted later
    > yesterday, OSPF started working shortly after ... no telling why ...
    >


    Sorry, the point wasn't to tell you to use EIGRP, it was more to let you
    know that I am successfully running a routing protocol with this solution.

    > > end goes down and then comes back up, the tunnel "appears" to come back

    up,
    > > but no data is transferred. Once the lifecycle of the ipsec profile

    times
    > > out, then all 'usually' comes back fine. So, I've set the lifetime to a
    > > lower number.

    >
    > That might be an explaination ...
    >
    > > ospf, but you have your area as 0.0.0.0 in your network statement - that

    >
    > ... that's how we have it all over the network ...
    >
    > > doesn't seem right Have you tried running debug on OSPF on both sides

    to
    > > see if it is making any announcements and to what interfaces? Do you

    show
    >
    > Yup - didn't see any incoming OSPF announcements at all ... anyway, I
    > will be watching this closely for the next couple days ... see what
    > happens ...


    Yes, but what is equally important is to see if the devices are sending out
    announcements on the interfaces that you think they are. That helps to
    narrow down if it is an OSPF problem or a connection problem.

    >
    > Tnx, -garry
    >
    Scooby, Nov 15, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. E.Finlayson
    Replies:
    0
    Views:
    1,491
    E.Finlayson
    Sep 10, 2004
  2. a.nonny mouse
    Replies:
    2
    Views:
    1,056
  3. Replies:
    2
    Views:
    408
  4. Theo Markettos

    VOIP over VPN over TCP over WAP over 3G

    Theo Markettos, Feb 3, 2008, in forum: UK VOIP
    Replies:
    2
    Views:
    785
    Theo Markettos
    Feb 14, 2008
  5. davidls
    Replies:
    0
    Views:
    1,007
    davidls
    Mar 31, 2009
Loading...

Share This Page