[c-nsp] DMVPN -- IP / Tunnel Source change on remote site problems

Eric Cables ecables at gmail.com
Fri Nov 21 14:09:10 EST 2008


Hopefully someone here can provide some insight into the problem I'm seeing..

I recently tried to migrate a remote site from one WAN interface to
another (Serial0/0/0 -> Fast0/1 -- shared Eth handoff), and ran into
problems where the NHRP mapping would never update.  The remote
router, an 1800, has a dual cloud configuration.  I was going to
migrate Tunnel1 first by adding a more specific route out the new
Fast0/1 interface, establish the tunnel, then failover to it.

I went through the steps of adding the new route, and updating the
tunnel source from Serial0/0/0 to Fast0/1.  Next I shut/no shut the
Tunnel1 interface, hoping that everything would start fresh, using the
new tunnel source.  Unfortunately traffic was never able to function
over Tunnel1, and when looking at the headend I did not see the new
NHRP mapping show up, instead I only saw these messages:

Nov 21 10:56:49.478 PST: NHRP: Setting cache expiry for x.x.x.x to 5000
Nov 21 10:58:40.097 PST: NHRP: MACADDR: if_in null netid-in 0 if_out
Tunnel1 netid-out 25

The ISAKMP SA appeared functional:
x.x.x.x    x.x.x.x  QM_IDLE           4083    0 ACTIVE

I tried bouncing the remote site Tunnel1 interface multiple times,
cleaing NHRP & ISAKMP SA IDs on both the headend & remote side, but
nothing worked.  Finally out of frustration I bounced the Tunnel
interface on the headend, and sure enough everything started to
function.  The new NHRP mapping was created, and routing protocols
re-established their adjacencies.  Luckily this is a new DMVPN cloud,
so I was able to bounce the headend Tunnel interface, but if I had
multiple sites live this would not have been feasible.

Can anyone provide any insight into what happened?  What auxiliary
command could I have typed, (other than shut/no shut on the headend
tunnel), to have brought this up?

Thanks..


-- Eric Cables


More information about the cisco-nsp mailing list