We help IT Professionals succeed at work.

Urgent!!! - DMVPN Tunnel is Down and I can't seem to bring back up!

chunjo
chunjo asked
on
4,489 Views
Last Modified: 2009-03-30
I can't seem to get my VPN Tunnel back up after a migration test I perform earlier today.  After completing the project and I put back all the configuration I seem have lost my VPN Connection.  I have a 192.168.0.0 /23 network.  My spoke sites have a 192.168.x.x /24 address scheme.  I've tried performing the following commands:

clear crypto isakmp
clear crypto sa

When I attempt to show the crypto isakmp sa, this is what I get:

CCBQ_2821#sh crypto isakmp sa
dst             src             state          conn-id slot status
208.125.12.116  64.115.135.170  QM_IDLE            524    0 ACTIVE
64.115.135.170  64.115.161.34   QM_IDLE            558    0 ACTIVE
64.115.135.170  64.61.147.90    MM_NO_STATE        521    0 ACTIVE (deleted)
64.115.135.170  64.61.82.234    QM_IDLE            583    0 ACTIVE
64.115.161.138  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.161.138  64.115.135.170  MM_NO_STATE        497    0 ACTIVE (deleted)
64.115.135.170  64.115.168.98   QM_IDLE            520    0 ACTIVE
64.115.135.170  64.115.231.42   MM_NO_STATE        557    0 ACTIVE (deleted)
64.61.145.114   64.115.135.170  QM_IDLE            496    0 ACTIVE
68.236.190.45   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  68.236.190.52   QM_IDLE           1925    0 ACTIVE
24.190.35.158   64.115.135.170  MM_NO_STATE          0    0 ACTIVE
64.115.135.170  64.115.160.82   MM_NO_STATE        476    0 ACTIVE (deleted)
64.115.135.170  68.195.226.162  QM_IDLE            588    0 ACTIVE
71.249.139.123  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  64.115.168.122  QM_IDLE            567    0 ACTIVE
64.115.231.42   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  64.61.15.106    QM_IDLE            505    0 ACTIVE
64.115.135.170  64.115.170.186  MM_NO_STATE        553    0 ACTIVE (deleted)
64.115.135.170  24.186.180.151  QM_IDLE            585    0 ACTIVE
64.115.135.170  64.115.168.70   QM_IDLE            534    0 ACTIVE
64.115.161.10   64.115.135.170  MM_NO_STATE        575    0 ACTIVE (deleted)
dst             src             state          conn-id slot status

69.112.198.28   64.115.135.170  QM_IDLE            578    0 ACTIVE
69.122.13.237   64.115.135.170  QM_IDLE            570    0 ACTIVE
64.115.135.170  64.61.145.162   MM_NO_STATE        533    0 ACTIVE (deleted)
64.115.135.170  64.115.18.82    QM_IDLE            562    0 ACTIVE
24.185.242.242  64.115.135.170  QM_IDLE            596    0 ACTIVE
64.115.135.170  68.195.227.42   QM_IDLE            522    0 ACTIVE
64.115.135.170  68.236.190.35   QM_IDLE           1920    0 ACTIVE
208.125.10.140  64.115.135.170  QM_IDLE            571    0 ACTIVE
208.125.10.140  64.115.135.170  MM_NO_STATE        467    0 ACTIVE (deleted)
64.115.135.170  208.125.12.64   MM_NO_STATE        517    0 ACTIVE (deleted)
64.115.135.170  64.61.151.42    MM_SA_SETUP        580    0 ACTIVE
64.115.135.170  64.61.151.42    MM_NO_STATE        548    0 ACTIVE (deleted)
64.115.135.170  64.61.151.42    MM_NO_STATE        506    0 ACTIVE (deleted)
24.103.16.145   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  69.122.13.237   MM_NO_STATE        456    0 ACTIVE (deleted)
64.115.135.170  24.184.166.192  QM_IDLE            541    0 ACTIVE
64.115.135.170  64.115.117.66   QM_IDLE            503    0 ACTIVE
208.125.10.178  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  208.105.94.220  QM_IDLE            592    0 ACTIVE
64.115.135.170  72.43.97.142    QM_IDLE            594    0 ACTIVE
64.115.135.170  24.103.23.181   QM_IDLE            590    0 ACTIVE
64.115.135.170  69.112.198.28   MM_NO_STATE        480    0 ACTIVE (deleted)
64.115.162.194  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
24.39.155.151   64.115.135.170  QM_IDLE            551    0 ACTIVE
64.115.135.170  64.61.94.122    MM_NO_STATE        463    0 ACTIVE (deleted)
64.115.135.170  24.190.35.158   MM_NO_STATE        486    0 ACTIVE (deleted)
64.115.135.170  208.125.31.220  QM_IDLE            569    0 ACTIVE
208.105.94.252  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  24.185.242.242  MM_NO_STATE        492    0 ACTIVE (deleted)
64.115.135.170  24.89.144.234   QM_IDLE            540    0 ACTIVE
64.115.160.82   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.61.116.66    64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.61.147.90    64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
69.112.197.119  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  64.115.125.226  MM_NO_STATE        494    0 ACTIVE (deleted)
24.105.136.6    64.115.135.170  QM_IDLE            597    0 ACTIVE
64.115.135.170  64.61.166.82    QM_IDLE            572    0 ACTIVE
64.115.135.170  24.103.26.227   QM_IDLE            552    0 ACTIVE
72.43.98.2      64.115.135.170  QM_IDLE            574    0 ACTIVE
72.43.98.2      64.115.135.170  MM_NO_STATE        470    0 ACTIVE (deleted)
64.115.135.170  64.115.194.58   QM_IDLE            518    0 ACTIVE
68.195.237.122  64.115.135.170  MM_NO_STATE        498    0 ACTIVE (deleted)
64.115.135.170  64.115.160.2    MM_NO_STATE        495    0 ACTIVE (deleted)
dst             src             state          conn-id slot status

64.115.135.170  208.125.11.45   QM_IDLE            581    0 ACTIVE
64.61.161.58    64.115.135.170  MM_NO_STATE        545    0 ACTIVE (deleted)
64.115.135.170  64.115.161.114  QM_IDLE            564    0 ACTIVE
64.115.135.170  64.61.124.24    QM_IDLE           1124    0 ACTIVE
64.115.135.170  24.190.200.202  MM_NO_STATE        509    0 ACTIVE (deleted)
64.115.135.170  64.115.161.2    QM_IDLE            523    0 ACTIVE
64.115.135.170  64.61.165.82    MM_NO_STATE        537    0 ACTIVE (deleted)
64.115.135.170  69.112.197.119  MM_NO_STATE        516    0 ACTIVE (deleted)
64.115.135.170  68.236.190.124  QM_IDLE           1919    0 ACTIVE
64.115.135.170  208.125.13.157  QM_IDLE            535    0 ACTIVE
64.115.135.170  64.115.163.18   MM_NO_STATE        510    0 ACTIVE (deleted)
64.61.187.106   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  71.249.196.183  QM_IDLE           1823    0 ACTIVE
64.115.160.34   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  64.115.197.178  MM_NO_STATE        458    0 ACTIVE (deleted)
72.43.174.118   64.115.135.170  MM_NO_STATE        544    0 ACTIVE (deleted)
72.43.174.118   64.115.135.170  MM_NO_STATE        483    0 ACTIVE (deleted)
64.115.135.170  64.61.166.58    QM_IDLE            519    0 ACTIVE
64.115.135.170  71.249.139.123  MM_NO_STATE        525    0 ACTIVE (deleted)
64.115.135.170  64.115.193.26   MM_NO_STATE        563    0 ACTIVE (deleted)
64.115.135.170  64.115.197.234  MM_NO_STATE        489    0 ACTIVE (deleted)
64.115.135.170  208.105.94.252  MM_NO_STATE        515    0 ACTIVE (deleted)
64.115.135.170  24.105.131.100  MM_NO_STATE        466    0 ACTIVE (deleted)
64.115.135.170  64.61.124.77    QM_IDLE           1298    0 ACTIVE
64.115.135.170  208.125.28.237  QM_IDLE            565    0 ACTIVE
64.115.135.170  24.105.131.162  QM_IDLE            586    0 ACTIVE
64.115.135.170  24.105.136.6    MM_NO_STATE        508    0 ACTIVE (deleted)
64.115.135.170  64.61.161.58    QM_IDLE            554    0 ACTIVE
64.115.135.170  64.61.161.58    MM_NO_STATE        420    0 ACTIVE (deleted)
64.115.135.170  208.125.10.178  MM_NO_STATE        530    0 ACTIVE (deleted)
64.115.135.170  64.115.161.146  MM_NO_STATE        550    0 ACTIVE (deleted)
64.115.161.146  64.115.135.170  QM_IDLE            587    0 ACTIVE
64.115.135.170  72.43.103.220   QM_IDLE            549    0 ACTIVE
64.115.135.170  64.61.30.154    QM_IDLE            560    0 ACTIVE
64.115.135.170  64.115.193.34   QM_IDLE            542    0 ACTIVE
64.115.135.170  24.105.141.72   QM_IDLE            584    0 ACTIVE
24.188.134.222  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
24.188.134.222  64.115.135.170  MM_NO_STATE        500    0 ACTIVE (deleted)
64.115.163.26   64.115.135.170  MM_NO_STATE        538    0 ACTIVE (deleted)
64.115.135.170  64.115.10.26    MM_NO_STATE        502    0 ACTIVE (deleted)
64.115.135.170  24.103.27.221   MM_KEY_EXCH        577    0 ACTIVE
64.115.135.170  24.185.51.245   QM_IDLE            559    0 ACTIVE
64.115.135.170  24.105.138.143  QM_IDLE            555    0 ACTIVE
dst             src             state          conn-id slot status

64.115.170.186  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.197.178  64.115.135.170  QM_IDLE            556    0 ACTIVE
64.115.197.178  64.115.135.170  MM_NO_STATE        546    0 ACTIVE (deleted)
64.115.135.170  24.105.134.149  QM_IDLE            531    0 ACTIVE
64.115.135.170  64.61.151.50    MM_NO_STATE        507    0 ACTIVE (deleted)
64.115.135.170  64.115.161.242  QM_IDLE            566    0 ACTIVE
64.61.94.122    64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.160.2    64.115.135.170  MM_NO_STATE        576    0 ACTIVE (deleted)
64.61.145.162   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  24.103.16.145   MM_NO_STATE        532    0 ACTIVE (deleted)
64.115.135.170  24.39.124.23    QM_IDLE            589    0 ACTIVE
64.115.197.234  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
208.125.12.64   64.115.135.170  QM_IDLE            598    0 ACTIVE
24.190.200.202  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.193.26   64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.125.226  64.115.135.170  MM_NO_STATE        582    0 ACTIVE (deleted)
64.115.135.170  72.43.96.101    QM_IDLE            573    0 ACTIVE
64.115.135.170  24.39.155.151   MM_NO_STATE        465    0 ACTIVE (deleted)
64.115.135.170  64.61.116.66    MM_NO_STATE        536    0 ACTIVE (deleted)
64.115.135.170  68.236.190.45   MM_NO_STATE        478    0 ACTIVE (deleted)
64.115.135.170  72.43.169.60    MM_NO_STATE        488    0 ACTIVE (deleted)
64.115.135.170  24.39.124.65    QM_IDLE            579    0 ACTIVE
64.115.135.170  70.107.244.4    MM_NO_STATE        195    0 ACTIVE (deleted)
24.105.131.100  64.115.135.170  QM_IDLE            543    0 ACTIVE
64.115.135.170  64.61.112.242   QM_IDLE           1850    0 ACTIVE
70.107.244.4    64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  64.115.78.146   QM_IDLE            591    0 ACTIVE
64.115.187.146  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.187.146  64.115.135.170  MM_NO_STATE        493    0 ACTIVE (deleted)
208.105.91.67   64.115.135.170  QM_IDLE            526    0 ACTIVE
24.105.130.113  64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)
64.115.135.170  64.115.162.194  MM_NO_STATE        514    0 ACTIVE (deleted)
64.115.135.170  72.43.169.53    QM_IDLE            593    0 ACTIVE
64.115.135.170  64.61.13.202    QM_IDLE           1912    0 ACTIVE
64.115.135.170  208.105.94.214  QM_IDLE            561    0 ACTIVE
64.115.135.170  24.103.23.135   QM_IDLE            547    0 ACTIVE
64.115.135.170  208.125.11.48   QM_IDLE            595    0 ACTIVE
64.115.135.170  64.115.161.10   MM_NO_STATE        475    0 ACTIVE (deleted)
64.115.135.170  24.105.130.113  MM_NO_STATE        472    0 ACTIVE (deleted)
64.115.135.170  64.61.187.106   MM_NO_STATE        568    0 ACTIVE (deleted)
64.61.151.50    64.115.135.170  MM_NO_STATE          0    0 ACTIVE (deleted)

It appear the the Tunnel is flapping.  I'm not sure how to resolve this issue.



version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 2821
!
boot-start-marker
boot system flash flash:c2800nm-advipservicesk9-mz.124-10b.bin
boot-end-marker
!
security authentication failure rate 3 log
logging count
logging buffered 51200 warnings
no logging console
enable secret 5 $1$TFNT$LIV7qzTmwky9.GeFjfLlb/
!
aaa new-model
!
!
aaa authentication login VTY local
aaa authentication login CON local
aaa authentication login REMOTE local
aaa authorization network VPNCLIENT local 
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
ip dhcp database url timeout 60
!
!
no ip bootp server
no ip domain lookup
ip domain name CCBQ.org
ip name-server 4.2.2.1
ip ssh time-out 60
ip inspect name INET tcp alert off audit-trail on
ip inspect name INET udp alert off audit-trail on
ip inspect name INET icmp alert off audit-trail on
ip urlfilter exclusive-domain deny www.myspace.com
ip urlfilter audit-trail
ip urlfilter server vendor n2h2 www.myspace.com outside
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2748599135
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2748599135
 revocation-check none
 rsakeypair TP-self-signed-2748599135
!
!
crypto pki certificate chain TP-self-signed-2748599135
 certificate self-signed 01
  3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32373438 35393931 3335301E 170D3037 30333331 31363430 
  34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343835 
  39393133 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100C7F6 60544E09 D756045B 0219ED6B 1DA5EF7C 61370654 E45B5944 94C512A0 
  E867305A 4D8DF460 C6A25B9E 629739D9 18A96E37 107D0DA5 85E99000 446A87DD 
  7C6302B0 042A6684 447C69FD 5955D525 F883A063 60373435 2FAD22B4 546E23EE 
  203757B2 57B409E7 5C272B93 93B4D64E 328B84DD 82363243 0552D646 CB4F3886 
  A8FD0203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603 
  551D1104 16301482 12434342 515F3238 32312E43 4342512E 6F726730 1F060355 
  1D230418 30168014 00FF5A04 25652982 46A3B455 9599E646 39BDD6DC 301D0603 
  551D0E04 16041400 FF5A0425 65298246 A3B45595 99E64639 BDD6DC30 0D06092A 
  864886F7 0D010104 05000381 8100155C 4477F774 B7BA63F1 0D8A21A1 0C102212 
  183D664D C3950C5D 0943A1BF 1C7C3919 5AF64F79 C8269247 C1F8B44D BCBB73EC 
  C3415CB6 8614F81D 4D78A29D D1D5601B 1673930C 739F4858 8AE27AC1 4E1F8DC5 
  297C7568 67622F5B D5895A02 F7D1FD23 388DAE55 8A02FB7B 541A0530 613FEBD3 
  2CC600E8 9C15DFFC A4BA12B7 6A6F
  quit
username XXXX privilege 15 secret 5 $1$eIfj$wd6o7fYXVrG/vtQFGiTUh0
 
! 
crypto keyring ccbq-dmvpn 
  pre-shared-key address 0.0.0.0 0.0.0.0 key XXXXXXX
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 5
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group ccbq-vpn
 key 3cc2bq3
 dns 192.168.1.2
 domain ccbq.org
 pool REMOTE
crypto isakmp profile DMVPN
   keyring ccbq-dmvpn
   match identity address 0.0.0.0 
crypto isakmp profile ccbq-vpn-client
   match identity group ccbq-vpn
   client authentication list REMOTE
   isakmp authorization list VPNCLIENT
   client configuration address respond
!
!
crypto ipsec transform-set ccbq-set esp-3des esp-sha-hmac 
!
crypto ipsec profile ccbq-profile
 set transform-set ccbq-set 
 set isakmp-profile DMVPN
!
!
crypto dynamic-map ccbq-dyn 10
 set transform-set ccbq-set 
 set isakmp-profile ccbq-vpn-client
!
!
crypto map ccbq-map 10 ipsec-isakmp dynamic ccbq-dyn 
!
!
!
!
interface Loopback128
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
!
interface Tunnel255
 description Connection to Primary DMVPN
 bandwidth 4632
 ip address 192.168.255.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip mtu 1416
 ip nbar protocol-discovery
 ip nat inside
 ip nhrp authentication ccbqn#rp
 ip nhrp map multicast dynamic
 ip nhrp network-id 255
 ip nhrp holdtime 300
 ip virtual-reassembly
 ip route-cache flow
 no ip split-horizon eigrp 255
 tunnel source Multilink1
 tunnel mode gre multipoint
 tunnel key 255
 tunnel protection ipsec profile ccbq-profile
 hold-queue 1024 in
!
interface Null0
 no ip unreachables
!
interface Multilink1
 description WAN Connection$FW_OUTSIDE$
 ip address 64.115.135.170 255.255.255.252
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip mroute-cache
 no cdp enable
 ppp multilink
 ppp multilink group 1
 crypto map ccbq-map
!
interface GigabitEthernet0/0
 description connected to CCBQ Internal LAN$ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.19 255.255.254.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1350
 ip policy route-map clear-df
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 description connect to CCBQ Interal LAN$FW_ETH0/2$
 ip address 192.168.192.1 255.255.254.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 ip route-cache flow
 ip policy route-map clear-df
 shutdown
 duplex full
 speed 100
 no cdp enable
 no mop enabled
!
interface Serial0/0/0
 bandwidth 4632
 no ip address
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0
 bandwidth 4632
 no ip address
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2/0
 bandwidth 4632
 no ip address
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/3/0
 bandwidth 1544
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
router eigrp 255
 redistribute static
 passive-interface GigabitEthernet0/0
 network 172.168.0.0
 network 192.168.1.0
 network 192.168.0.0 0.0.1.255
 network 192.168.255.0
 network 192.168.0.0 0.0.255.255
 no auto-summary
!
ip local pool REMOTE 192.168.252.1 192.168.252.254
ip forward-protocol udp 5120
ip route 0.0.0.0 0.0.0.0 64.115.135.169
ip route 66.200.154.167 255.255.255.255 64.115.135.169
ip route 67.100.227.128 255.255.255.255 64.115.135.169
ip route 192.168.0.16 255.255.255.255 GigabitEthernet0/0
!
ip flow-capture packet-length
ip flow-capture icmp
ip flow-capture ip-id
ip flow-capture mac-addresses
ip flow-top-talkers
 top 10
 sort-by packets
!
no ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source route-map NAT interface Multilink1 overload
!
ip access-list extended TELNET
 permit tcp any any eq telnet
!
logging trap debugging
logging 192.168.1.13
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 63.117.181.64 0.0.0.63
access-list 2 permit 0.0.0.0
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.0.0 0.0.1.255
access-list 3 deny   any
access-list 100 permit tcp any any eq telnet
access-list 100 deny   ip 64.69.124.128 0.0.0.15 any
access-list 100 deny   ip 64.69.124.144 0.0.0.15 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 permit icmp any any
access-list 100 permit tcp any host 64.69.124.129 established
access-list 100 permit tcp any host 64.69.124.130 established
access-list 100 permit esp any any
access-list 100 permit gre any any
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit tcp any host 64.69.124.129 eq 22
access-list 100 permit tcp any host 64.69.124.130 eq 22
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit udp host 128.118.46.3 host 64.69.124.129 eq ntp
access-list 100 permit tcp any any eq 5120
access-list 100 deny   tcp any eq www host 64.69.124.129
access-list 100 deny   ip any any
access-list 101 deny   ip host 192.168.1.255 any
access-list 101 deny   ip host 192.168.20.255 any
access-list 101 deny   ip any 192.168.0.0 0.0.255.255
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip host 192.168.1.91 any
access-list 101 permit ip host 192.168.1.177 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip 172.168.1.0 0.0.0.255 any
access-list 102 permit tcp any any eq 25000
access-list 102 permit tcp any eq 25000 any
access-list 102 permit udp any eq 5120 any
access-list 102 permit udp any any eq 5120
access-list 102 permit tcp any any eq 5120
access-list 102 permit tcp any eq 5120 any
access-list 102 permit udp any eq 7766 any
access-list 102 permit udp any any eq 7766
access-list 102 permit tcp any any eq 7766
access-list 102 permit tcp any eq 7766 any
access-list 102 permit udp any eq 4750 any
access-list 102 permit udp any any eq 4750
access-list 102 permit tcp any any eq 4750
access-list 102 permit tcp any eq 4750 any
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any eq smtp any
access-list 102 permit tcp any host 64.115.135.170 eq smtp log
access-list 102 permit tcp host 192.168.1.3 host 192.168.0.8 eq smtp
access-list 102 permit tcp host 192.168.0.8 host 192.168.1.3 eq smtp
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.0.0 0.0.1.255 any
access-list 103 deny   ip any any
access-list 199 permit tcp any host 192.168.1.3 eq smtp
snmp-server community <removed> RO
snmp-server community ccbq_ro RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls vpn
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps vsimaster
snmp-server enable traps vtp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice poor-qov
snmp-server enable traps voice fallback
snmp-server enable traps dnis
snmp-server host 192.168.1.6 <removed> 
snmp-server host 192.168.1.6 ccbq_ro 
no cdp run
!
route-map static2eigrp permit 10
 match ip address 1 2
!
route-map clear-df permit 10
 match ip address 102
 set ip df 0
!
route-map NAT permit 10
 match ip address 101
!
route-map VPNINET permit 10
 match ip address 102
 set ip next-hop 192.168.1.5
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 login authentication CON
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 exec-timeout 60 0
 privilege level 15
 login authentication VTY
 transport input telnet ssh
line vty 5 15
 exec-timeout 60 0
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp authentication-key 100 md5 12181103130807 7
ntp trusted-key 100
ntp clock-period 17180173
ntp source GigabitEthernet0/0
ntp master 6
ntp server 192.168.1.6
ntp server 128.118.46.3
!
end
 
CCBQ_2821#

Open in new window

Comment
Watch Question

Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I forgot to remove "redistribute static" from EIGRP 255.  That was causing the flapping.  After removing that line, EIGRP routes were able to see EIGRP neigh routes.  I confirmed the issue by accessing the spoke route and shutting down the Tunnel Interface.  After verifying that the issue was related to the tunnel.  I knew it was DMVPN Router issue.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.