May 21, 2012

Posts Comments

IE Vol 1 DMVPN w/ PSK- **Solved by PacketU**

October 14, 2008 By Leave a Comment

Today I am working on some specific areas that I feel I lack in. Right now I’m working on DMVPN using IEs Volume 1 Workbook. I’ve done this lab before and had no issues. Right now R1 is the Hub (NHS) and r2 and r3 are both coming into R1 over a frame relay network. Here is the issue. R1 to R2- no problems. R1 to R3- the vpn us up but no EIGRP neighbor. Here are the configs. Anyone see what I am doing wrong? 

r1#sh run
Building configuration...



Current configuration : 1857 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set 3DES_MD5_TRANS esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile VPN
!
crypto ipsec profile DMVPN
set transform-set 3DES_MD5_TRANS
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 150.6.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
bandwidth 1024
ip address 123.123.123.1 255.255.255.0
no ip redirects
ip nhrp authentication CISCO
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip nhrp holdtime 60
no ip split-horizon eigrp 100
no ip split-horizon
delay 100
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 136.6.0.1 255.255.255.0
encapsulation frame-relay
frame-relay map ip 136.6.0.2 102 broadcast
frame-relay map ip 136.6.0.3 103 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
no ip address
shutdown
!
router eigrp 100
network 123.0.0.0
network 192.168.1.0
no auto-summary
!
router rip
version 2
network 136.6.0.0
network 150.6.0.0
no auto-summary
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end



r1#

R2:

r2#sh run
Building configuration...



Current configuration : 1844 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set 3DES_MD5_TRANS esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set 3DES_MD5_TRANS
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 150.6.2.2 255.255.255.0
!
interface Loopback1
ip address 192.168.2.2 255.255.255.0
!
interface Tunnel0
bandwidth 1024
ip address 123.123.123.2 255.255.255.0
no ip redirects
ip nhrp authentication CISCO
ip nhrp map multicast 150.6.1.1
ip nhrp map 123.123.123.1 150.6.1.1
ip nhrp network-id 123
ip nhrp holdtime 60
ip nhrp nhs 123.123.123.1
delay 100
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 136.6.0.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 136.6.0.1 201 broadcast
frame-relay map ip 136.6.0.3 201 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
no ip address
shutdown
!
router eigrp 100
network 123.0.0.0
network 192.168.2.0
no auto-summary
!
router rip
version 2
network 136.6.0.0
network 150.6.0.0
no auto-summary
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

R3:

r3#sh run
Building configuration...



Current configuration : 2012 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set 3DES_MD5_TRANS esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set 3DES_MD5_TRANS
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 150.6.3.3 255.255.255.0
!
interface Loopback1
ip address 192.168.3.3 255.255.255.0
!
interface Tunnel0
bandwidth 1024
ip address 123.123.123.3 255.255.255.0
no ip redirects
ip nhrp authentication CISCO
ip nhrp map multicast 150.6.1.1
ip nhrp map 123.123.123.1 150.6.1.1
ip nhrp network-id 123
ip nhrp holdtime 60
ip nhrp nhs 150.6.1.1
delay 100
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 136.6.0.3 255.255.255.0
encapsulation frame-relay
frame-relay map ip 136.6.0.1 301 broadcast
frame-relay map ip 136.6.0.2 301 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
router eigrp 100
network 123.0.0.0
network 192.168.3.0
no auto-summary
!
router rip
version 2
network 136.6.0.0
network 150.6.0.0
no auto-summary
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end



r3#

Error on R1:

r1# *Mar 1 01:36:44.458: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 123.123.123.3 (Tunnel0) is down: retry limit exceeded *Mar 1 01:36:44.458: destroy peer: 123.123.123.3 *Mar 1 01:36:48.068: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 123.123.123.3 (Tunnel0) is up: new adjacency *Mar 1 01:38:07.587: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 123.123.123.3 (Tunnel0) is down: retry limit exceeded *Mar 1 01:38:07.587: destroy peer: 123.123.123.3 *Mar 1 01:38:12.226: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 123.123.123.3 (Tunnel0) is up: new adjacency *Mar 1 01:39:31.749: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 123.123.123.3 (Tunnel0) is down: retry limit exceeded

The answer was simple but my eyes didn’t see it even though I looked at the interface a number of times. The nhrp nhs should be the tunnel interface, not the loopback.

Here is the change being made ans as you can tell, EIGRP established as soon as it was fixed. 




r3#sh run int t0
Building configuration...



Current configuration : 385 bytes
!
interface Tunnel0
 bandwidth 1024
 ip address 123.123.123.3 255.255.255.0
 no ip redirects
 ip nhrp authentication CISCO
 ip nhrp map multicast 150.6.1.1
 ip nhrp map 123.123.123.1 150.6.1.1
 ip nhrp network-id 123
 ip nhrp holdtime 60
 ip nhrp nhs 150.6.1.1
 delay 100
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 123
 tunnel protection ipsec profile DMVPN
end



r3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r3(config)#int t0
r3(config-if)#no  ip nhrp nhs 150.6.1.1
r3(config-if)#no  ip nhrp nhs 150.6.1.1
*Mar  1 01:56:50.836: %LINK-3-BADMACREG: Interface Serial1/0, non-existent MACADDR registry for link 74
-Process= "NHRP", ipl= 0, pid= 99
-Traceback= 809A9698 809A94E0 8085EB28 8085EDF4 80862200 8086548C 8  ip nhrp nhs 150.6.1.1
*Mar  1 01:56:52.391: %LINK-3-BADMACREG: Interface Serial1/0, non-existent MACADDR registry for link 74
-Process= "NHRP", ipl= 0, pid= 99
-Traceback= 809A9698 809A94E0 8085EB28 8085EDF4 80862200 8086548C 808657B4 80865950 803CE314
r3(config-if)#
r3(config-if)#
r3(config-if)#
r3(config-if)#
*Mar  1 01:56:56.201: %LINK-3-BADMACREG: Interface Serial1/0, non-existent MACADDR registry for link 74
-Process= "NHRP", ipl= 0, pid= 99
-Traceback= 809A9698 809A94E0 8085EB28 8085EDF4 80862200 8086548C 808657B4 80865950 803CE314
*Mar  1 01:57:02.704: %LINK-3-BADMACREG: Interface Serial1/0, non-existent MACADDR registry for link 74
-Process= "NHRP", ipl= 0, pid= 99
-Traceback= 809A9698 809A94E0 8085EB28 8085EDF4 80862200 8086548C 808657B4 80865950 803CE314
r3(config-if)#
*Mar  1 01:57:16.322: %LINK-3-BADMACREG: Interface Serial1/0, non-existent MACADDR registry for link 74
-Process= "NHRP", ipl= 0, pid= 99
-Traceback= 809A9698 809A94E0 8085EB28 8085EDF4 80862200 8086548C 808657B4 80865950 803CE314
r3(config-if)#
r3(config-if)#
r3(config-if)#
r3(config-if)#  ip nhrp nhs 123.123.123.1
r3(config-if)#''
*Mar  1 01:57:35.469: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 123.123.123.1 (Tunnel0) is up: new adjacen
*Mar  1 01:57:35.477: IP-EIGRP(Default-IP-Routing-Table:100): 123.123.123.0/24 - do advertise out Tunnel0
*Mar  1 01:57:35.477: IP-EIGRP(Default-IP-Routing-Table:100): 192.168.3.0/24 - do advertise out Tunnel0
*Mar  1 01:57:35.477: IP-EIGRP(Default-IP-Routing-Table:100): Int 192.168.3.0/24 metric 128256 - 256 128000
r3(config-if)#
r3(config-if)#
r3(config-if)#
r3(config-if)#
Thanks PacketU!

Related Posts:

Filed Under: CCIE Security, IE Labs Tagged With: , ,

Speak Your Mind

*