GRE tunnel keeps dropping cisco 877s to 877w using NHRP (DMVPN design)
Hi all,
i dont know how long this as been going on but today its been happeing quite alot, the tunnel comes back up eventually
the only message i have is
000109: *Jul 11 03:49:39.759: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.100.1 (Tunnel4) is down: holding time expired
CWPD#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
000110: *Jul 11 03:51:27.943: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.100.1 (Tunnel4) is up: new adjacency
CWPD#
my configs for the tunnels below
no idea why its happening at all, can anyone shed any light?
thanks
i dont know how long this as been going on but today its been happeing quite alot, the tunnel comes back up eventually
the only message i have is
000109: *Jul 11 03:49:39.759: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.100.1 (Tunnel4) is down: holding time expired
CWPD#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
000110: *Jul 11 03:51:27.943: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.100.1 (Tunnel4) is up: new adjacency
CWPD#
my configs for the tunnels below
no idea why its happening at all, can anyone shed any light?
thanks
############# 877w NHRP server ################
crypto ipsec transform-set DMVPN_SET esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN_SET
interface Tunnel1
ip address 192.168.100.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxxxxxxxxxxxxxxxxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp holdtime 450
ip tcp adjust-mss 1360
no ip split-horizon eigrp 100
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile DMVPN
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile DMVPN
################ 1 of 3 NHRP clients 877s ##############
crypto ipsec transform-set DMVPN_SET esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN_SET
interface Tunnel4
ip address 192.168.100.4 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication xxxxxxxxxxxxxxxxxxx
ip nhrp map 192.168.100.1 7x.xxx.xxx.xxx
ip nhrp map multicast 7x.xxx.xxx.xxx
ip nhrp network-id 100
ip nhrp holdtime 450
ip nhrp nhs 192.168.100.1
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel destination 77.xxx.xxx.xx
tunnel key 100
tunnel protection ipsec profile DMVPN
ASKER
where using eigrp across the tunnel, i pinged the tunnel endpoint and regardless of eigrp i should be able to do that yes?
im on 192.168.100.4 pinging 192.168.100.1 so no prbs there
so my dialer interface could be flapping? problem with ISP?
i rebooted it and its much more stable now, no drops at all
im on 192.168.100.4 pinging 192.168.100.1 so no prbs there
so my dialer interface could be flapping? problem with ISP?
i rebooted it and its much more stable now, no drops at all
That ping will fail eventually when the tunnel goes down.
When your tunnel goes down the first thing I would check would be a ping to the tunnel destination ( 70.xx.xx.xx ). And yes, it's possible your dialer might be flapping and if it's true, you will lose the route to 70.xx.xx.xx if you've learned it via a routing protocol from isp.
When your tunnel goes down the first thing I would check would be a ping to the tunnel destination ( 70.xx.xx.xx ). And yes, it's possible your dialer might be flapping and if it's true, you will lose the route to 70.xx.xx.xx if you've learned it via a routing protocol from isp.
If you want the 877 to communicate directly (spoke-to-spoke), I suggest that you change "tunnel destination 77.xxx.xxx.xx" in the tunnel 4 interface to "tunnel mode gre multipoint" on the 877.
Also, the virtual-template is not needed for dmvpn.
Also, the virtual-template is not needed for dmvpn.
ASKER
if it happens again i will try pinging the external address
i like hub and spoke
also just another question
how many wireless connections can a 877w handle, im planning on using an access point in an adjecent office that will service about 15 machines/printers etc
then foward them all to the 77 which acurrently has around 4-6 devices connected to it, will it be ok to handle?
also i am planning on hosting a websserver beind the same 877w will that be ok to handle around 500 visits a day?
thanks
i like hub and spoke
also just another question
how many wireless connections can a 877w handle, im planning on using an access point in an adjecent office that will service about 15 machines/printers etc
then foward them all to the 77 which acurrently has around 4-6 devices connected to it, will it be ok to handle?
also i am planning on hosting a websserver beind the same 877w will that be ok to handle around 500 visits a day?
thanks
ASKER
ok i contacted my isp, they want me to chagne the microfilter, but the line test is fine.
if the microfilter change fails, could my 877 be developing a fault?
if the microfilter change fails, could my 877 be developing a fault?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1.the route to the tunnel destination dissapears for some reasons ( maybe u're learining it from another routing protocol and he's to blame )
2.the interface that anchors the tunnel is flapping
Check this at your endpoint.