Problem bringing up tunnel

Mar 13th, 2007

Hi guys, I have a couple of queries regarding this technology and how they usually implement it. I may sound stupid but I have no other option but to ask... :-) First of all, I'd like to mention that it's our org's best practice that we use two Cisco 831 routers at the customer premises and then terminate this at the headend 7206 router in the data centre. We have been sent the bootstrap config to TFTP to the 2 C831 routers.

The initial configs for these 2 routers are keyed into the ISC server in the data centre. The first C831 acts as an internet screening router and blocks internet attacks. The second router is the router that connects to the LAN segment of the customer network and also acts as a VPN router. So last night, we tried bringing up the tunnel. First we turned on the screening router. This connected back through our ADSL line to the ISC server in the data centre and downloaded its initial config. Then we turned on the VPN router, and this router also pulled its initial config from the ISC server. But the certification process failed on the VPN router. So a couple of steps were used to figure out what the problem is.

Like checking the clock synchronization. Then did a debug crypto pki trans and messages, debug ip http server, etc. From what we got to know, IP packets are generated from the VPN router, reach the ISC server, and on the way back go to another IP that we are not aware of. Does this have anything to do with NATting from the ISP side? We are using dynamic addressing from the ISP.

Another question I have is that the configs I was sent include IP addresses for the E0 interface. But there's no E0 interface physically present on the router. But when I do a sh ip int brief, it shows me E0, E1 and four Fast Ethernet interfaces. But physically, only E1 and 4 Fast Ethernets exist. Is this a common thing in this series of routers? Could this have something to do with the problem we are facing? Oh, I'm so confused...

vkapoor5 Mon, 03/19/2007 - 11:35

I think you should check the router at the customer premises for physical ports, because as per the C831 documentation it has one Ethernet port for WAN connectivity with a DSL or cable modem and 4 Ethernet ports for LAN. The config for E0 could be for the first LAN port being used for some different purpose. However, if the same config is working at other sites, it should work properly for this one also, unless there is some change in hardware, IOS or the config itself.

rahulawati Mon, 03/19/2007 - 18:36

Yeah, as you said, the E1 which is used for WAN connectivity is configured for DHCP, and E0 is actually a master interface for the four subinterfaces that are used for LAN. The E0 has been assigned an IP address which is used as the default gateway for the nodes in the LAN.

rahulawati Mon, 03/19/2007 - 18:38

I was initially confused with those interfaces but just got it cleared with my seniors, and that's how I got to know that E0 doesn't exist physically but is a logical master interface. Thanks dude... I'm still looking for the answer to my other question... Any idea whether this could relate to or have something to do with NATting at the ISP side?
