RV50 IP Passthrough to DMVPN Cisco Routers - DMVPN Tunnel flapping

Newish user here in the context of the forums, but a few year veteran when it comes to using and managing Sierra Gateways - RV50s, GX450, ES440/450.

Recently our company has reconfigured out we do remote offices / remote project trailers and have a setup like such:
Verizon (internet) > RV50 (passthrough) > Cisco 1921 (DMVPN Tunnel termination) > Cisco Switch (for devices to connect to).

We have other locations that due to hardware in past have non-Sierra Cell modems as well or Cable internet instead coming into them (vs Cellular). These sites are not having any of the issues we’re experiencing with the sites we have Sierra devices at.

The issue we experience is with our DMVPN tunnels flapping (disconnecting, re-establishing). Multiple Sierra RV50s (possibly GX450s as well) are seeing this happen. Tunnels seem to flap somewhere between 2 min - 6min timeframe, causing routes (OSPF) to also show the flap, but the cell modems themselves seem to stay connected on their public address. We have these all setup according to other ‘best practice’ or suggested configuration which is:

IP Passthrough mode, First host address, Reset host interface enabled (so the first device gets host passthrough and the public IP.
Also have DMZ Host enabled and set to automatic, on first host (so it acts like a true passthrough).
Finally as far as we can tell (we’ve checked them vs our old configuration), and all other settings for the most part are default, unused, etc.

We looked at everything across the board, and the only item that holds true for connections experiencing this tunnel flapping is where we have Sierra devices as the cell modem, vs other cell modems or cable modems in place.

We can’t spot what is causing this flapping to happen, and suspect it is likely just a configuration setting in the Sierra we need to better find and understand, but don’t know where to look, and i can’t find anything scrubbing the googler or forums here to figure it out and point us in the right direction. Happy to provide a generic config if one is needed (minus our private info i’d scrub off it).

Update (figures, it came just after I posted initially)…

We originally had these set without the following:
Security > DMZ host Enabled = Automatic, Port Forwarding = Disable

We tried setting one of ours having the issue to the above settings yesterday evening, and so far haven’t seen any further flapping on it since doing so.

We’ll continue to monitor and update this to being the solution used if it seems to hold true.

… meanwhile, if anyone sees the post and can confirm exactly all what this feature does, that might help us understand and shed more light on the topic for future. In past we didn’t use this when we terminated VPNs right to the Modem (vs Cisco Router) but this was also off to prevent split tunneling (letting hosts talk right to internet), and was done for security reasons. With IP Passthrough that’s no longer an issue as our hosts wouldn’t be exposed due to router taking care of the tunnel instead.

Hi mneldner,

IP passthrough will assign WAN IP directly to your host(device that connected to gateway) but DMZ. In normal way, gateway will assign IP from DHCP pool to host or you can set it manually.

It seems that you can bypass this issue by enabling DMZ with option “Automatic”.

Please make your firmware is up to date. If you still face this issue, please be patient for the next fix.

Thanks,

We are trying to use an RV55 to passthrough IPsec from our router, would you do this the same way?

Hi chambersj,

To help people who joined the forum find their solution easily, I suggest creating a new to topic so we can discuss about it.

Thanks,