Loading...
Loading...
Spoke running IOS-XE gets stuck at IKE or NHRP status (as shown under "show dmvpn").
- Can occur if the DMVPN hub(s) reloaded. - Can also occur if an ISP outage occurred at the spoke (potentially, any sort of trigger that would require the spoke to re-establish the VPN tunnel from scratch)
In some cases, it was observed that a shut/no shut on the tunnel interface, or, removing and re-applying the NHRP mapping commands on the spoke tunnel interface fixes the issue. If these do not help, a reload of the router needs to be performed.
To confirm this bug, in the broken state, the following counters can be checked - show platform hardware qfp active feature ipsec data drop - Check that the 'OUT_V4_PKT_HIT_IKE_START_SP' counter is incrementing. show platform software ipsec policy statistics - Check that the 'NOTIFY RP' counter is NOT incrementing.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.