[c-nsp] DMVPN problem, "NHRP: Encapsulation failed for destination" ...

Stephen Fulton sf at lists.esoteric.ca
Fri Sep 7 03:44:27 EDT 2007 

Hi all,

I've got a set up which has DMVPN working fine with a dozen remote 
locations, except for one.  The hub is a 2811 running 
c2800nm-advipservicesk9-mz.124-9.T1.bin, and the problem spoke is an 
older 1721 running c1700-advipservicesk9-mz.123-23.bin.  Essentially the 
  tunnel is not coming up between the hub and spoke, and the only clue 
I've seen in debug nhrp is the following:

Sep  7 03:31:06.460: NHRP: Attempting to send packet via DEST 128.1.254.4
Sep  7 03:31:06.460: NHRP: Send Error Indication via Tunnel0, packet 
size: 94
Sep  7 03:31:06.460:       src: 128.1.254.1, dst: 128.1.254.4
Sep  7 03:31:06.460: NHRP: Encapsulation failed for destination 
128.1.254.4 out Tunnel0

The crypto map configuration on the spoke is identical to all the other 
spokes, which work perfectly.  Mind you, those are more recent routers 
(2611XM's, 2811's, 1841's etc).

The spoke is a PPPoE connection, which the static IP configured on 
Loopback1 and the dialer interface using ip unnumbered Loopback1

Here's a redacted copy of the tunnel config for both the hub and problem 
spoke:

Hub:

interface Tunnel0
  description VPN GRE Tunnel Template
  ip vrf forwarding CUSTOMER-VRF
  ip address 128.1.254.1 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication PASSWD12
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 300
  no ip route-cache cef
  no ip route-cache
  no ip mroute-cache
  ip ospf network broadcast
  ip ospf priority 255
  delay 1000
  keepalive 10 3
  tunnel source FastEthernet0/0
  tunnel mode gre multipoint
  tunnel key 123
  tunnel protection ipsec profile VPN-PROFILE shared


Spoke:

interface Tunnel0
  ip address 128.1.254.4 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication PASSWD12
  ip nhrp map multicast dynamic
  ip nhrp map 128.1.254.1 1.2.3.4
  ip nhrp map multicast 1.2.3.4
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp nhs 128.1.254.1
  no ip route-cache cef
  no ip route-cache
  no ip mroute-cache
  ip ospf network broadcast
  ip ospf mtu-ignore
  delay 1000
  keepalive 10 3
  tunnel source Loopback1
  tunnel mode gre multipoint
  tunnel key 0
  tunnel protection ipsec profile VPN-PROFILE


Any thoughts?

-- Stephen.

More information about the cisco-nsp mailing list