DMVPN - EIGRP Neighbors

Hello

I run a solution DMVPN mode double hub. I use EIGRP as Protocol routing between the hub and the spokes.

I know that the gre is pain most of the time, but we have to live with that. Although I had neighbors talk about EIGRP

stable for 8-9 weeks and other drop all the few weeks that I realized 2 days all EIGRP neighbors dropped simultaneously

in the two centres.

On each RADIUS, I run a phase commune 1 for the VPN, but different phase 2 of people who know well the DMVPN th know what I mean.

HUBs located in different areas and it was not issue of bandwidth to assign the two hubs at the same time. Its really something

with protocols that use the DMVPN or EIGRP.

I saw DMVPN drops I saw only the EIGRP neighborship declined for all rays in both same time centers. Any suggestions

Why EIGRP failed?

It could be something with PNDH or an IOS bug;

iOS c800-universalk9 - mz.spa.153 - 3.m.bin

Please don't ask me basic troubleshooting, connectivity or timers. I'm looking for an advanced suggestion I have solved many problems DMVPN

which cisco even could not find.

I am looking forward to good suggestion and thank you for taking the time to consider the issue.

Kind regards

Spyros

Hello

«Do not forget that it is a design talk to speak.» Talk about communication talk goes staright away. DMVPN creates a dynamic tunnel between them and does not have the traffic via the HUB. »

I think I disagree with you here cordially with these instructions next hop and split horizon of eigrp on shelves

Rays set in fact tunnels between them however I'm being understood that the PNDH Rais of first need to query the cache of the PNDH server for the ip address of 'inside' to speak it it wants to connect to check the accessibility of the address of tunnel - I can't see or understand now why this requirement is also necessary on the rays.

When you say adjacencies eigrp lowered at the same time - we are still not sure, this is due to some partial failure that has been found to ask, but I think for all rollover between hubs eigrp to work they must have potential successors then do these show upward in the topology tables? -Maybe you had a situation where the two hubs became State SIA and dropped?

One last thing for a DWVPN mesh (talk to speaks) don't is not PKI is necessary and not pre-shared key and you say said cisco iOS has been or use cordially IPSec/gre is buggy what they suggest to make? As in your last post, you say that you sorted.

RES
Paul

Sent by Cisco Support technique iPad App

Tags: Cisco Network

Similar Questions

  • DMVPN + found EIGRP neighbor

    Hello

    Relocation of the production LABORATORY and I can't get the HUB router to participate in EIGRP.  I see in the neighbouring newspapers not found (10.1.2.192), which is the interface of the satellite mission tunnel.

    HUBS:

    Tunnel1 interface

    10.1.2.1 IP address 255.255.255.0

    no ip redirection

    IP 1400 MTU

    no ip next-hop-self eigrp 3111

    no ip split horizon eigrp 3111

    authentication of the PNDH IP TEST

    dynamic multicast of IP PNDH map

    PNDH network IP-1 id

    property intellectual PNDH holdtime 300

    IP tcp adjust-mss 1360

    source of tunnel GigabitEthernet0/0

    multipoint gre tunnel mode

    tunnel key 123

    Shared protection ipsec TEST-DMVPN tunnel profile

    ...........

    Router eigrp 3111

    10.0.0.0 network

    EIGRP router id 10.120.0.10

    ............

    R4-2911-HUB #show ip eigrp neighbors

    IPv4-EIGRP Neighbors for ACE (3111)

    ........

    Ms 3 23:18:21.264: EIGRP: Neighbor (10.1.2.192) not found

    ................

    SPEAKS:

    Tunnel1 interface

    IP 10.1.2.192 255.255.255.0

    no ip redirection

    IP 1400 MTU

    authentication of the PNDH IP TEST

    map of PNDH 10.1.2.1 IP 205.234.20.11

    PNDH network IP-1 id

    property intellectual PNDH holdtime 300

    property intellectual PNDH nhs 10.1.2.1

    IP tcp adjust-mss 1360

    source of tunnel GigabitEthernet0/1

    multipoint gre tunnel mode

    tunnel key 123

    Shared protection ipsec TEST-DMVPN tunnel profile

    .........

    Router eigrp 3111

    10.0.0.0 network

    connected EIGRP stub

    ..........

    IPv4-EIGRP Neighbors for ACE (3111)

    H address Interface Hold Uptime SRTT RTO Q Seq

    (s) (ms) NTC Num

    1 10.1.2.1 Tu1 13 00:00:10 1 5000 1 0

    2 10.192.11.1 Gi0/0.1 14 00:07:05 16 100 0 39

    10.192.2.1 00:07:06 148 888 14 Gi0/0.2 0 0 36

    .......

    * 3 sep 23:19:18.675: down: Peer 10.1.2.1 total = 0 2 heel, heel iidb = 0 iid - all = 0

    * 3 sep 23:19:18.675: EIGRP: manage a deallocation failure [1]

    * 3 sep 23:19:18.675: EIGRP: neighbour 10.1.2.1 descended upon Tunnel1.

    * 3 sep 23:19:22.943: EIGRP: new peer 10.1.2.1.

    * 3 sep 23:19:22.943: % NBRCHANGE-5-DOUBLE: 3111 IPv4 EIGRP: neighbour 10.1.2.1 (Tunnel1) is in place: new adjacency...

    Can someone help me?  I for the life of me can't understand why the rays can peers but the HUB is impossible.

    Hello

    Usually, the RADIUS is configured with the PNDH ip map 205.234.20.11 multicast on his love interface. I do not see this line in your mission satellite configuration - could you add it?

    Also, you happen to use any command of nearby in your EIGRP configuration on the hub or the RADIUS?

    Best regards

    Peter

  • With DMVPN EIGRP

    Why it is necessary to increase the bandwidth the tunnel interface when running with DMVPN EIGRP?

    Thank you

    The default value is 9. The value of bandwidth recommend is 1000 or more. Setting the value of bandwidth of at least 1000 is critical if EIGRP is used via the tunnel interface. The higher bandwidth values may be required depending on the number of rays supported by a hub. The bandwidth for the radius parameter doesn't have to match the setting of bandwidth for the DMVPN hub. It is usually easier if all the rays use the same or similar value.

    Francisco

  • authentication of EIGRP neighbors

    I want to know how far behind I me if I configure md5 authentication in my neighbors eigrp. I guess that's not much, but I would like to have the info, if anyone knows I'll apreciate it

    Thank you

    Hello

    There will be no noticeable delay with authentication EIGRP. It will be an MD5 hash in the EIGRP packets and time, cost is the processing time to generate the hash. It is the order of microseconds, and finally development.

    I hope this helps! Please note all messages.

    Regards, Martin

  • DMVPN Tunnel and EIGRP routing problem

    I have redundant paths to a remote 2811 router on my network of sites.  The first links is a T1 frame relay connection that has been in place for years, and the new link is on a 54 Mbps fixed wireless that was recently created.

    I'm under EIGRP to my process of routing protocol 100 for the two links.

    I installed a DMVPN Tunnel between the remote 2811 and no. 2851 router on my host site.  The tunnel interface shows to the top and to the top of both sides and I can ping the IP remote tunnel of my networks side host.

    However my eigrp routes are not spread over this new tunnel link and if I run a command show ip eigrp neighbor on each router I show only the neighbor for the frame relay link and not the new wireless link.

    What I'm missing here?

    A tunnel0 to see the shows the following:

    Tunnel0 is up, line protocol is up
    Material is Tunnel
    The Internet address is 10.x.x.x/24
    MTU 1514 bytes, BW 54000 Kbps, DLY 10000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation TUNNEL, loopback not set
    KeepAlive not set
    Tunnel source (FastEthernet0/1), destination 172.x.x.x 10.x.x.x
    Tunnel/GRE/IP transport protocol
    Key 0x186A0, sequencing of the people with reduced mobility
    Disabled packages parity check
    TTL 255 tunnel
    Quick tunneling enabled
    Tunnel of transmission bandwidth 8000 (Kbps)
    Tunnel to receive 8000 (Kbps) bandwidth
    Tunnel of protection through IPSec (profile "CiscoCP_Profile1")
    Last entry of 00:00:01, exit ever, blocking of output never
    Final cleaning of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 947
    Strategy of queues: fifo
    Output queue: 0/0 (size/max)
    5 minute input rate 0 bps, 0 packets/s
    5 minute output rate 0 bps, 0 packets/s
    packages of 880, 63000 bytes, 0 no buffer entry
    Received 0 broadcasts, 0 Runts, 0 Giants 0 shifters
    errors entry 0, 0 CRC, overgrown plot of 0, 0, 0 ignored, 0 abort
    output of 910 packages, 81315 bytes, 0 underruns
    0 output errors, 0 collisions, 0 resets interface
    unknown protocol 0 drops
    output buffer, the output buffers 0 permuted 0 failures

    Please go ahead and add a static route on the hub, so it goes through the wireless link and let me know if everything works correctly.

    Federico.

  • Study on authentication of neighboring router EIGRP

    Hello

    I'm studying for my OFFICE. There is an area called "the EIGRP neighbor router authentication." Because it's safer and I don't have rear security on the ground, find it me difficult to understand all thoe MD5, key, key ring, key etc. chain.

    Can someone please recommend me a note for me to read and understand what these things are, how they really work etc?

    Thanks in advance!

    Hi, a very good link to CCO for your purpose is:

    http://www.Cisco.com/en/us/products/SW/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca60f.html

    Kind regards.

    Hope this helps, so pls if rate post

  • DMVPN WILL ACCESS LIST

    Hi, guys

    Could you please help me with this matter?

    When you configure the DMVPN talk-to-spoke with several hubs (GRE IPSEC EIGRP) talked about what traffic should be allowed on the external physical interface on a router?

    !

    IP access-list еxtended CRYPTO-ONLY

    license to esp [IPSEC peers Reomote] [IPSEC peer Local]

    permit of eq isakmp udp [IPSEC peers Reomote] [IPSEC peer Local]

    allow accord [IPSEC peers Reomote] [IPSEC peer Local]

    !

    interface FastEthernet

    IP access-group CRYPTO ONLY in

    !

    If I delete the last line of the access list, where the "free WILL" is permitted, the router never built EIGRP neighbor relationships. If this line should be present? If so, does any not encrypted GRE traffic will come out?

    Thanks in advance,

    Mladen

    Hey Mladen,

    The access list bound to the external interface is checked twice IE before and after decryption. This is why you must allow packets will clear also.

    HTH

    Sangaré

    pls rate helpful messages

  • EIGRP: Package ourselves ignored

    I did a debug eigrp neighbors, and I got the message "EIGRP: package ourselves ignored" every 5 seconds. I found that I could get rid of it through the passive loopback interface. So is this just cosmetic, or is it considered good practice to make passive loopback interfaces? What are the advantages and disadvantages?

    Kevin Dorrell

    Luxembourg

    Kevin

    I see only one single factor that could be a con to passive looping with EIGRP. If you make the passive interface it does not appear when you show ip eigrp interface. (and if it's really a con will depend on your point of view) I see several factors pro. If the closure is not passive, EIGRP will build and try to send (or perhaps based on your results I should say sends) a Hello packet to itself and are preparing to attempt to build a contiguity. Of course the adjacency will never do. So if you're passive looping you will gain a number of overhead.

    If you include a network for looping statement, but liabilities of closure it is always announced that according to me is the main reason to enroll him in EIGRP. If we get the main advantage and can save some overhead so I guess maybe it's bordered on being a best practice. (Although I must admit that most of the configs I do not have passive looping. "So I do not believe very strongly in this subject being recommended.)

    HTH

    Rick

  • Mutual redistribution between EIGRP and BGP and match statements

    Hello Experts

    I'm working on a problem of mutual redistribution between EIGRP and BGP

    The idea is a beacon (210) on traffic from our LAN on R2 - 2 so that it can be put in correspondence and denied the R3-7. The goal is to prevent routing loops.

    The routes are redistributed in R1 - 1, but I am not able to see if the roads are being marked.

    Can someone let me know how to check the roads are being filtered with course maps?

    TBH, I don't think the market at all.

    I have attached the configs and view orders.

    I read somewhere the problem was with match type internal route command, but I don't know if this is the problem

    Any help will be greatly appreciated.

    Topology and configs are attached.

    See you soon

    Hello

    You have 2 points:

    1. Deny the redistribution of EIGRP routes tag in BGP: you already have with your route map
    2. You must filter the roads scholar eigrp on R5 to them are not propagated in R2. I'll use a roadmap for the tag and the EIGRP neighbor. The configuration looks like:

    IP access-list standard FROM_R4
    license to host 192.168.1.2
    !
    !
    EIGRP-TAG route map deny 10
    ! subnets from R4 with tag 210
    match ip route-source FROM_SLDC
    game tag 210
    EIGRP-TAG allowed 20 route map
    !
    Router eigrp 65100
    ! Filtering of marked routes
    route map EIGRP-distribute-list tag in
    !

    Currently, you are missing a piece to import these networks R5.

    Thank you

    PS: Please do not forget to rate and score as correct answer if this answered your question

  • Nearby EIGRP falls on GRE tunnel

    I have several users working at home with a router 871 a 2811 access in our offices. While most of these connections works without any problem, I have a few sites that continue to drop the EIGRP neighbor. Here is a sample of the log file

    * Dec 17 06:32:48: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency

    * Dec 17 06:41:58: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is falling: Farewell Interface received

    * Dec 17 06:42:03: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency

    * Dec 17 06:43:41: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is falling: Farewell Interface received

    * Dec 17 06:43:46: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency

    * Dec 17 06:49:30: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is falling: Farewell Interface received

    * Dec 17 06:49:33: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency

    Does anyone have any ideas as to what may cause this problem?

    Rick

    Run us EIGRP GRE/IPSec tunnels to many remote routers. We have seen this problem of instability of EIGRP neighbor, more in some areas and less in others. Often one side removes the neighbor relationship and sends a 'goodby' neighbor. I guess it must if with packet loss drop some of the EIGRP Hello messages. We found that, by increasing the EIGRP timers, we reduced the frequency with which we see the problem (we use 15 and 45 rather than the value default 5 and 15).

    HTH

    Rick

  • DMVPN divide tunnling question, not able to pass http traffic to end spoke.

    Hi all

    I would appreciate it please help me solve after publication.
    I've used installation DMVPN (EIGRP routing protocol) for 20 site no problem at all, and everything works perfectly.
    Now, I have received a request that I would need to divide the legitimate business and internet traffic to end talks, so all internet traffic via a local ADSL connection, but I tried to solve it but router speaks constantly forward all traffic to the tunnel.
    Moreover, I found on internet DMVPN a limitation that split tunneling isn't possible.
    Please can you suggest me how can I send internet traffic (HTTP) via a DSL connection local
    Thank you and best regards,

    DMVPN is not based on politics, split tunneling concepts not apply.

    DMVPN relies on the road to understand what traffic should be sent by tunnel.

    In your case, you also have to distinguish between the company and the Internet HTTP traffic, better correct routing in place.

  • DMVPN & GRE over IPsec on the same physical interface

    Dear all,

    I am setting up two routers WAN, each router wan has a physical interface connecting to the branches and regional office by using the same provider.

    We will use the GRE over IPsec to connect to Office regional and DMVPN + EIGRP to branches.

    I would like to know if it is possible to configure tunnels for GRE over IPsec and DMVPN + EIGRP using the same source physical interface.

    Good answer, it's an urgent request and your response is much appreciated.

    Kind regards

    Hi Savio,

    It should work. We can configure dmvpn and gre-over-ipsec on ASA using the same physical interface.

    Kind regards

    NGO

  • MPLS BGP route push DMVPN rays

    I have an MPLS with BGP. I have sites that are not connected directly to the SPLM, also, but need a VPN s2s hub sites that are connected to the SPLM and in this way they access resources MPLS. I need to communicate the changes to itinerary for the SPLM when the DMVPN fails on another hub.

    Currently, this is my config:

    Datacenter (MPLS only)

     interface GigabitEthernet0/1 description MPLS ip address 192.168.0.34 255.255.255.252 interface Vlan2 ip address 192.168.96.2 255.255.255.0 router bgp 65511 bgp log-neighbor-changes network 192.168.96.0 neighbor 192.168.0.33 remote-as 65510

    Hub site 1 (MPLS + internet)

     interface Tunnel200 ip address 10.99.99.1 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication auth ip nhrp map multicast dynamic ip nhrp network-id 12345 ip nhrp holdtime 600 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 200 tunnel protection ipsec profile dmvpn interface GigabitEthernet0/1 description MPLS ip address 192.168.1.2 255.255.255.0 secondary ip address 192.168.0.2 255.255.255.252 router bgp 65001 bgp log-neighbor-changes network 192.168.1.0 network 192.168.21.0 !10.99 clients are DMVPN spokes neighbor 10.99.99.3 remote-as 99010 neighbor 10.99.99.3 route-reflector-client neighbor 10.99.99.21 remote-as 99001 neighbor 10.99.99.21 route-reflector-client !as 65000 is the MPLS PE neighbor 192.168.0.1 remote-as 65000

    Hub 2 site, has the same configuration, except for the local ip address and the router BGP ID.

    Spoke site:

     interface Tunnel200 ip address 10.99.99.3 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication auth ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1 ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2 ip nhrp network-id 12345 ip nhrp holdtime 600 ip nhrp nhs 10.99.99.1 priority 1 ip nhrp nhs 10.99.99.16 priority 5 ip nhrp nhs fallback 60 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 200 tunnel protection ipsec profile dmvpn interface GigabitEthernet0/1 description Internal ip address 192.168.3.1 255.255.255.192 router bgp 99010 bgp log-neighbor-changes network 192.168.3.0 neighbor 10.99.99.1 remote-as 65001 neighbor 10.99.99.16 remote-as 65013

    This site speaks

     #sh ip route B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01

    which is the network of HUBS, but the rest of the MPLS roads are not "learned".

    What Miss me?

    Thank you!

    192.168.21.0 is another spoke, sorry for Terseco not that. Same configuration as the op 192.168.3.0. So I make a record of the domain controller and it will the first hub and not backup

    The difference is that your hubs are advertising the subnet 192.168.21.0/24 IE. you have configured it as a statement of network under your BGP configuration on the hubs and not the rays where this subnet is actually which brings me to my next point.

    The hub will switch to backup when I mannualy closed the internet interface, but not the entire router. This could be a problem?

    Yes because the Hub 1 site still has its MPLS connection until 192.168.21.0/24 advertising to the domain controller is.

    If this subnet was announced by speak it that it belonged and not the hubs then it should be announced only by hub site 2 because the Hub 1 site is more would receive it on the site talks about.

    So why are advertising a route speaks on hubs instead of reception by spoke them and transmit to the MPLS network?

    Edit - for this subnet to advertise you must have a route in the IP routing for her table.  How are getting you this route in the routing table, it with a route static and if yes, what is the exact route you entered?

    Jon

  • STP traffic flow

    All,

    Got a facility below I'm looking for confirmation his works, your entries please

    SW1 - core <------------------- trunk="" -----------="" -----------------="">core sw2

    !                                                                                                          !

    !                                                                                                            !

    !                                                                                                             !

    Distribution L3 switch1 - not back to back connection - Distribution L3 switch2

    !                                                               !

    trunk                                                trunk

    !                                                              !

    access layer switch sw1 - connection to distribution switches trunk

    (1) I have (SW1 and SW2) basic switches connected to distribution switches (SW1 and SW2 L3 Distribution) the port configured with trunk and L3 interface vlan 40, the vlan 40 forming EIGRP neighbor ship with distribution, so ports switches using L2 and L3. also HSRP vlan 40 configured assets (sw1) standby time (sw2)

    (2) distribution switches - connected to basic with chest & int switches vlan 40 forming EIGRP neighbor ship with two basic switches - no VLANs hsrp 40 configured on the distribution switches

    (4) access layer switch - connected to the distribution and L2 switches vlan trunk 40 allowed. the gateway to this switch is now based on the HSRP active switches vlan 40 FT

    (5) to access switch the connected port Distribution sw1 - State PLEASE FWD, the other port in State BLK

    I would like to check with you, if connection made closed between the access to the distribution of switch 1 switch, STP removes the second port of State BLK and put in forwarding State &

    traffic will hit the sw2 basis and reach the gateway IP active HSRP to Core sw1

    I would say that he must work very well as long as the path EIGRP cost is in line with your bridge ID switch to designated paths. If you are under equal-cost path and default bridge ID, it can cause some strange paths by default so I think it is your primary consideration.

  • Router (IPSec)-&gt; INTERNET-&gt; Router (IPsec) where to put the TUNNEL IP POOL?

    Hello

    I'm still learning the VPN (IPsec), I was able to create a tunnel between my PC and my router, but now I want to connect two routers:

    F0/1=192.168.0.1 ROUTER A-> INTERNET-> ROUTER B F0/1=192.168.10.1

    Both routers receive an IP address from my ISP, I can't do a ping to a site at the other site, I mean, I am able to PING ROUTER A from ROUTER B with the ISP addresses and otherwise.

    Two ROUTERS have the same configuration, except for the IP addresses and the ACL, they are opposite.

    I think I know what I did wrong, but I don't know how to solve: the TUNNEL need also an IP from a POOL where should I put up, the ROUTER A or ROUTER B?

    ROUTER

    version 12.4

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    !

    router host name

    !

    boot-start-marker

    boot-end-marker

    !

    No aaa new-model

    IP cef

    !

    crypto ISAKMP policy 1

    BA 3des

    preshared authentication

    Group 2

    ISAKMP crypto key cisco address 81.83.201.BB

    !

    !

    Crypto ipsec transform-set esp-3des RIGHT

    !

    router_A_to_router_B 1000 ipsec-isakmp crypto map

    set of peer 81.83.201.BB

    transformation-RIGHT game

    match address 101

    !

    interface FastEthernet0/0

    DHCP IP address

    automatic speed

    full-duplex

    router_A_to_router_B card crypto

    !

    interface FastEthernet0/1

    the IP 192.168.0.1 255.255.255.0

    automatic speed

    full-duplex

    !

    !

    no ip address of the http server

    no ip http secure server

    !

    access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255

    !

    !

    control plan

    !

    Line con 0

    Speed 115200

    line to 0

    line vty 0 4

    !

    !

    end

    ROUTER B

    version 12.4

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    !

    router host name

    !

    boot-start-marker

    boot-end-marker

    !

    No aaa new-model

    IP cef

    !

    crypto ISAKMP policy 1

    BA 3des

    preshared authentication

    Group 2

    ISAKMP crypto key cisco address 81.83.201.AA

    !

    !

    Crypto ipsec transform-set esp-3des RIGHT

    !

    router_B_to_router_A 1000 ipsec-isakmp crypto map

    set of peer 81.83.201.AA

    transformation-RIGHT game

    match address 101

    !

    interface FastEthernet0/0

    DHCP IP address

    automatic speed

    full-duplex

    router_B_to_router_A card crypto

    !

    interface FastEthernet0/1

    IP 192.168.10.1 255.255.255.0

    automatic speed

    full-duplex

    !

    !

    no ip address of the http server

    no ip http secure server

    !

    access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255

    !

    !

    control plan

    !

    Line con 0

    Speed 115200

    line to 0

    line vty 0 4

    !

    !

    end

    !

    !

    !

    !

    !

    !

    Best regards

    Didier

    Didier, there are a number of things missing in your config file to make it work, what I can say fa0/1 is inside and the fa0/0 are outdoors. There is no NAT translation to activate the computers inside the network, allowing access to the Internet. You will also need to exclude the EIGRP NAT roads in order to reach the remote network. Each router must have a default gateway to the Internet, this should be done with the following command:

    IP route 0.0.0.0 0.0.0.0 fa0/0 dhcp

    This will use the default gateway of the DHCP server that assigns IP address on fa0/0. Once that each router has a path to another and the tunnel connects EIGRP will handle the rest given the information to the router 90, this is the spectacle of one of my spoke routers route:

    NTR-2620XM #show ip route
    Code: C - connected, S - static, mobile R - RIP, M-, B - BGP
    D - EIGRP, OSPF, IA - external EIGRP, O - EX - OSPF inter zone
    N1 - type external OSPF NSSA 1, N2 - type external OSPF NSSA 2
    E1 - OSPF external type 1, E2 - external OSPF of type 2
    i - IS - Su - summary IS, L1 - IS - IS level 1, L2 - IS level - 2
    -IS inter area, * - candidate failure, U - static route by user
    o - ODR, P - periodic downloaded route static

    Gateway of last resort is to network 0.0.0.0 0.0.0.0

    65.0.0.0/32 is divided into subnets, subnets 1
    C 65.14.24.190 is directly connected, Dialer0
    172.16.0.0/32 is divided into subnets, subnets 1
    D EX 172.16.50.31 [170/3074560] via 172.19.8.1, 20:04:58, Tunnel0
    172.19.0.0/24 is divided into subnets, subnets 1
    C 172.19.8.0 is directly connected, Tunnel0
    10.0.0.0/8 is variably divided into subnets, subnets 14, 6 masks
    D EX 10.13.13.8/29 [170/2818560] via 172.19.8.1, 20:04:58, Tunnel0
    D EX 10.11.7.0/28 [170/2818560] via 172.19.8.1, 20:04:58, Tunnel0
    D 10.13.13.0/29 [90/2818560] via 172.19.8.1, 20:04:58, Tunnel0
    C 10.19.9.0/27 is directly connected, Vlan200
    C 10.19.8.0/24 is directly connected, Vlan100
    C 10.19.10.0/28 is directly connected, Vlan900
    D EX 10.20.7.0/24 [170/2818560] via 172.19.8.1, 20:04:58, Tunnel0
    D [90/3097600] 10.22.7.0/24 through 172.19.8.1, 17:34:52, Tunnel0
    D 10.37.4.0/24 [90/3074560] via 172.19.8.1, 20:04:59, Tunnel0
    D 10.15.50.0/24 [90/3074560] via 172.19.8.1, 20:04:59, Tunnel0
    D EX 10.24.40.0/24 [170/2818560] via 172.19.8.1, 20:04:59, Tunnel0
    D 10.12.85.0/24 [90/3074560] via 172.19.8.1, 20:04:59, Tunnel0
    C 10.19.9.192/26 is directly connected, Vlan500
    D EX 10.244.0.0/22 [170/2818560] via 172.19.8.1, 20:04:59, Tunnel0
    74.0.0.0/32 is divided into subnets, subnets 1
    C 74.23.201.24 is directly connected, Dialer0
    S * 0.0.0.0/0 is directly connected, Dialer0

    All designated routes D are dynamic routes drawn other routers on the DMVPN EIGRP. It will propagate the routing table and they point to the appropriate star. If you follow the example that I gave you, you will have a functional DMVPN.

    See you soon,.

    Sam

Maybe you are looking for