Guest

Preview Tool

Cisco Bug: CSCum84172 - DMVPN: Need to protect nodes from being triggered as behind NAT.

Last Modified

Dec 17, 2018

Products (17)

  • Cisco IOS
  • Cisco ME 3600X-24TS-M Switch
  • Cisco 7301 Router
  • Cisco 7206 Router
  • Cisco 7206VXR Router
  • Cisco 7204 Router
  • Cisco 7202 Router
  • Cisco 7600 Series Route Switch Processor 720 with Multilayer Switch Feature Card
  • Cisco ME 3600X-24FS-M Switch
  • Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks
View all products in Bug Search Tool Login Required

Known Affected Releases

15.0M 15.1T 15.2(4)S

Description (partial)

Symptom:
Incorrect NHRP mapping information for a hub can be propagate throughout the DMVPN network and cause data packet forwarding via a spoke-hub-spoke path even when a spoke-spoke direct path has been built and the sending nodes "thinks" it is sending on the direct path.

Conditions:
A DMVPN spoke node is mis-configured with the correct tunnel IP address, but the wrong NBMA address for a hub (hub1). In this case the incorrect NBMA address would be for a different hub (hub2).

Hub1 is configured to be both a hub and a spoke. I.e. it can be the end-point for spoke-spoke tunnels.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.