DMVPN crypto map disappearing?

Hi all,

We have implemented a small DMVPN network (1 hub + 3 spokes, going to get bigger) using 877s at all sites (not my choice of platform, what the customer would pay for). It seemed to be working fine, but occasionally a couple of the spokes drop out completely & don't come back. Looking into it, I found that if I do a 'sh crypto map', there is no output from the spokes that are down, as opposed to the usual "Tunnel0-head-0" output. One way of restoring connectivity is to do:

! conf t int t0 no tunnel protection ... tunnel protection ... !

I presume that reloading the router might have the same effect, but have been unable to test this yet as the routers are still in use & running over the backup circuits.

The only difference I can see between the sites that stay up & the ones which go down is that the ones with problems also have a statically defined IPSec VPN to another site. i.e. the mGRE tunnel has IPSec protection configured, with a source of Dialer0, and Dialer0 also has a crypto map applied to it for connectivity to a site that is not yet on the DMVPN network.

I don't want to go into detailed config yet, but it is exaclty as I have found documented on & other sites, jsut with a 'traditional' vpn configured as well.

My question to the group is - has anyone else encountered this problem & do they have any suggestions for a work around?

(while we could reconfigure network to use ezvpn/static vpn tunnels, we want to try to get the DMVPN working properly!)

Reply to
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.