After implementing the following command I havent noticed anymore weird nhrp registers, and also we changed the address which crypto should allow to make a request for registers.

crypto isakmp aggressive-mode disable
crypto isakmp key 0 CISCO address [b]ActualIPAdress[/b]

Is it possible to implement DMVPN/NHRP on a Cisco VPN client?

I implemented DMVPN a while ago, and used to work great.
Recently I noticed memory & cpu usages going very high, and when I checked with show processes cpu , I saw that NHRP was using 40-60% of the CPU constantly.

I ran show ip nhrp , and the results really frightened me, there are lots of unknown ip address in there , same is happening on my Hub and on Spokes.

Here’s one of the many entries:

97.100.x.x/32 via 192.168.x.1
Tunnel0 created 00:00:03, expire 00:05:58
Type: dynamic, Flags: router

There are many other different IP addresses that look like the one above, any idea whats going on?

You can use ip sla traps and snmp.

Thanks

Question: I have DMVPN topology with two redundant NHSs (pointing each other) and several NHCs, and that topology works fine. Problem is when I shut NHS#1 (or it crashes) and bring it back, and then the same with NHS#2, my NHCs can’t see each other any more. They even can’t see NHSs, and NHSs can see only each other. I can only solve it by shut/no shut tunnel interfaces on NHCs.
Is there a rule or a behaviour of NHRP that NHSs have to be configured first in network, then NHCs?

I run multi area OSPF over multiple GRE tunnels, and it’s all protected with IPSec. I have removed IPSec protection and OSPF in observed mGRE tunnel to have a clear situation.

Any help?

I have two questions though:

1) How do I get spoke-to-spoke multicasting to work. Even the simple “ping 224.0.0.1″ on spokeA will not get a reply from spokeB, only the HUB.

2) How do I set up redundant NHS?