locked
DMVPN B/w csr1000v on Azure is not working. RRS feed

  • Question

  •  

     Hi team,

    I am trying to configure DMVPN b/w CSR1000V running on Microsoft Azure and Vyatta Brocade  and its not working and i checked and unable to get the right documentation as some document is saying Azure do not support gre but on cisco support community its saying its supporting and DMVPN should work could u please help me in this regard as i tried to open cisco case and they refused to open technical case as its demo/trail version.

    Any help will be highly appreciated.


    configuration from car

    ========================

    CSR1000V-AZURE#show run interface tunnel0

    Building configuration...

    Current configuration : 303 bytes

    !

    interface Tunnel0

     ip address 172.18.0.25 255.255.255.0

     no ip redirects

     ip nhrp map multicast 192.155.209.234

     ip nhrp map 172.18.0.11 192.155.209.234

     ip nhrp network-id 1

     ip nhrp nhs 172.18.0.11

     ip nhrp shortcut

     ip nhrp redirect

     tunnel source GigabitEthernet1

     tunnel mode gre multipoint

    end

    debug nhrp packet:

    ==================

    *Jun  4 06:28:29.369: NHRP: Send Registration Request via Tunnel0 vrf global(0x0), packet size: 92

    *Jun  4 06:28:29.369:  src: 172.18.0.25, dst: 172.18.0.11

    *Jun  4 06:28:29.370:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

    *Jun  4 06:28:29.370:      shtl: 4(NSAP), sstl: 0(NSAP)

    *Jun  4 06:28:29.370:      pktsz: 92 extoff: 52

    *Jun  4 06:28:29.370:  (M) flags: "unique nat ", reqid: 23 

    *Jun  4 06:28:29.370:      src NBMA: 10.10.0.4

    *Jun  4 06:28:29.370:      src protocol: 172.18.0.25, dst protocol: 172.18.0.11

    *Jun  4 06:28:29.370:  (C-1) code: no error(0)

    *Jun  4 06:28:29.370:        prefix: 32, mtu: 9976, hd_time: 7200

    *Jun  4 06:28:29.370:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 255

    *Jun  4 06:28:35.920: NHRP: Send Registration Request via Tunnel0 vrf global(0x0), packet size: 92

    *Jun  4 06:28:35.920:  src: 172.18.0.25, dst: 172.18.0.11

    *Jun  4 06:28:35.920:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

    *Jun  4 06:28:35.920:      shtl: 4(NSAP), sstl: 0(NSAP)

    *Jun  4 06:28:35.920:      pktsz: 92 extoff: 52

    *Jun  4 06:28:35.920:  (M) flags: "unique nat ", reqid: 23 

    *Jun  4 06:28:35.920:      src NBMA: 10.10.0.4

    *Jun  4 06:28:35.920:      src protocol: 172.18.0.25, dst protocol: 172.18.0.11

    *Jun  4 06:28:35.920:  (C-1) code: no error(0)

    *Jun  4 06:28:35.920:        prefix: 32, mtu: 9976, hd_time: 7200

    *Jun  4 06:28:35.920:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 255

    Saturday, June 4, 2016 6:43 AM

All replies

  • Hello Faizullah,

    We are checking on the query and would get back to you soon on this.
    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,

    Sapna Girish


    Sapna G

    Saturday, June 4, 2016 6:12 PM
  • Hi Syed Faizullah,

    Are you using a Cisco Router as your VPN device or a Brocade Vyata VPN device?
    By DMVPN, do you mean a Multi-site VPN, Point-to-Site VPN or Site-to-Site VPN?

    If it is a Vyatta Brocade VPN device, then does it belong to the device family Vyatta 5400 vRouter with atleast Virtual Router 6.6R3 GA OS version?
    If yes, you could use the following configuration template to setup your device for Azure S2S VPN connection:
    http://www1.brocade.com/downloads/documents/html_product_manuals/vyatta/vyatta_5400_manual/wwhelp/wwhimpl/js/html/wwhelp.htm#href=VPN_Site-to-Site%20IPsec%20VPN/Preface.1.1.html
    Please note that Vyatta Brocade devices only support Static Routing Gateways, that would mean only s2s connections would work.

    If you are using a Cisco VPN device, Azure supports ASA, ASR and ISR families. As you said the CSR device is in preview and might not be advisable for a production connection. 
    ASR and ISR devices support static and dynamic routing, however, ASA devices only support static routing gateways.

    You could refer the following link for details on the various VPN devices supported in Azure:
    https://azure.microsoft.com/en-in/documentation/articles/vpn-gateway-about-vpn-devices/

    Also, If you don’t see your device listed in the Validated VPN devices table, it still may work with a Site-to-Site connection. Verify that your VPN device meets the minimum requirements outlined in the Gateway Requirements section of the About VPN Gateways article. Devices meeting the minimum requirements should also work well with VPN gateways. Please contact your device manufacturer for additional support and configuration instructions.

    Regards,
    Malar.

    Monday, June 6, 2016 6:18 AM