Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DMVPN routing problem

Posted on 2011-03-03
2
Medium Priority
?
850 Views
Last Modified: 2012-05-11
I have set up a Cisco 881 as a hub that connects directly to our LAN router that is configured for static routing only.  The hub router is connected via a VLAN and has a currently pingable ip address assigned.  I have spoke that is successfully able to connect to the hub.  The hub can ping anything in the spokes LAN, but the spoke only goes as far as ping the hubs LAN ip address.  It will not ping anything beyond the hub.  I have set up eigrp on both the hub and the spoke and redistributed the static routes from the hub into EIGRP which can be seen on the spoke.
Not sure what else I have to add to get the traffic routing from the Tunnel to the hubs LAN.  Here is the hub config:

Current configuration : 2100 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CAM-HUB
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$06RN$Ar1ebwjhzejsH6nY5rQcu0
!
no aaa new-model
!
!
ip source-route
!
!
!
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
license boot module c880-data level advipservices
!
!
!
no spanning-tree vlan 1
username admin privilege 15 secret 5 $1$plKb$.GApNCGhmE5wQki9jam4H0
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
!
crypto ipsec profile cisco
 set security-association lifetime seconds 120
 set transform-set strong
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Tunnel0
 ip address 172.16.9.1 255.255.255.0
 no ip redirects
 ip mtu 1440
 no ip next-hop-self eigrp 90
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 no ip split-horizon eigrp 90
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile cisco
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 12.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 ip address 172.31.191.233 255.255.255.0
!
router eigrp 90
 redistribute static
 network 172.16.9.0 0.0.0.255
 network 172.31.191.0 0.0.0.255
 no auto-summary
!
ip default-gateway 172.31.191.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 12.1.1.1
ip route 172.31.0.0 255.255.0.0 172.31.191.1
ip route 172.31.191.0 255.255.255.0 172.31.191.1
ip route 172.31.191.0 255.255.255.0 Vlan1
ip route 172.31.225.0 255.255.255.224 172.16.10.2
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 0944410A12000E515F5E
 login local
 no modem enable
line aux 0
line vty 0 4
 password 7 020E0B5800031662181C
 login local
!
scheduler max-task-time 5000
end
0
Comment
Question by:Camarillo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
SteveJ earned 1500 total points
ID: 35040123
What's the source address that the spoke uses to ping stuff?

Good luck,
SteveJ
0
 

Author Closing Comment

by:Camarillo
ID: 35194062
Asked a good question that helped but didn't directly provide answer.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question