VRF Aware DMVPN

Hi,

For all of these DMVPN Tasks, I have being building them in sections. i.e. First build the tunnels, then build the IGP, then build the IPSec and add it to the tunnel.

At all stages I have been able to test the tunnel connectivity. So for example after I build up the tunnels in the previous questions with R1-R4 being spokes and R5 being the hub, I can ping all tunnel addresses such as 155.1.0.1 - 5 on all DMVPN Routers. Then I can continue with the IGPs and IPSEC also and still all would be fine.

On this task however, when I build the tunnels - I cannont get R5 to ping R6 and vice versa. So neither of them will ping 155.1.0.5 or 155.1.0.6. They can ping their own Interfaces alright. I have the VRFs setup correctly and am following the solutions guide also.

If I issue sh dmvpn on both routers, R5 can see R6 but its NEVER established. R6 sees nothing??

In this task, is it any different to the others. Do I have to have the IGP and the IPSEC sections built before the basic VRF section will work? I woulnd't of thought so but Im having no luck with this task at all :o - a little stumped at this stage. I've shut the tunnels down and unshut them many times, but I just keep getting the same results. R5 and R6 can ping each other via the VRF no problems i.e. (6.6.6.6 and 155.1.45.5) but I can't get any connectivity between 155.1.0.5 and 155.1.0.6????

Any help would be appreciated...

Thanks,
Ian. 

Comments

  • I created this task again from scratch, and again it failed to operate correctly at first.
    But I noticed that on some of the routers I had to change the tunnel source from pointing at an Interface Name instead to point to a specific IP Address...

    So for example instead of:

    Tunnel source Loopback6 - I had to change this to Tunnel source 6.6.6.6 - then bounce the tunnels and then they would work... changed it back to Loopback 6 and again it would fail to come up...

    Rgds,
    Ian. 

  • Hi, yes I've seen this issue before when I was first learning DMVPN.
    I remember putting in an Interface Name and it wouldn't work and then I put in an IP and it did. Yet I've heard people say you should always put the Interface Name in and not an IP?? Oh well whatever works I suppose... Could be the software alright...

     

    I'm running a batch of CSRs on ESX..

     

    Cheers,

    Ian. 

  • Hi Ian,

     

    thanks for this. Was stuck here as well...

     

    BR,

    Tim

Sign In or Register to comment.