Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DMVPN routing problem

Posted on 2011-03-03
2
Medium Priority
?
859 Views
Last Modified: 2012-05-11
I have set up a Cisco 881 as a hub that connects directly to our LAN router that is configured for static routing only.  The hub router is connected via a VLAN and has a currently pingable ip address assigned.  I have spoke that is successfully able to connect to the hub.  The hub can ping anything in the spokes LAN, but the spoke only goes as far as ping the hubs LAN ip address.  It will not ping anything beyond the hub.  I have set up eigrp on both the hub and the spoke and redistributed the static routes from the hub into EIGRP which can be seen on the spoke.
Not sure what else I have to add to get the traffic routing from the Tunnel to the hubs LAN.  Here is the hub config:

Current configuration : 2100 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CAM-HUB
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$06RN$Ar1ebwjhzejsH6nY5rQcu0
!
no aaa new-model
!
!
ip source-route
!
!
!
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
license boot module c880-data level advipservices
!
!
!
no spanning-tree vlan 1
username admin privilege 15 secret 5 $1$plKb$.GApNCGhmE5wQki9jam4H0
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
!
crypto ipsec profile cisco
 set security-association lifetime seconds 120
 set transform-set strong
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Tunnel0
 ip address 172.16.9.1 255.255.255.0
 no ip redirects
 ip mtu 1440
 no ip next-hop-self eigrp 90
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 no ip split-horizon eigrp 90
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile cisco
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 12.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 ip address 172.31.191.233 255.255.255.0
!
router eigrp 90
 redistribute static
 network 172.16.9.0 0.0.0.255
 network 172.31.191.0 0.0.0.255
 no auto-summary
!
ip default-gateway 172.31.191.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 12.1.1.1
ip route 172.31.0.0 255.255.0.0 172.31.191.1
ip route 172.31.191.0 255.255.255.0 172.31.191.1
ip route 172.31.191.0 255.255.255.0 Vlan1
ip route 172.31.225.0 255.255.255.224 172.16.10.2
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 0944410A12000E515F5E
 login local
 no modem enable
line aux 0
line vty 0 4
 password 7 020E0B5800031662181C
 login local
!
scheduler max-task-time 5000
end
0
Comment
Question by:Camarillo
2 Comments
 
LVL 16

Accepted Solution

by:
SteveJ earned 1500 total points
ID: 35040123
What's the source address that the spoke uses to ping stuff?

Good luck,
SteveJ
0
 

Author Closing Comment

by:Camarillo
ID: 35194062
Asked a good question that helped but didn't directly provide answer.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question