IPSec VPN and CEF load-balance per packet

Unanswered Question
Mar 21st, 2007
User Badges:

Hi all,

I am having problems with CEF load balancing and a pair of VPN IPSec tunnels. Basically I have 2 serial links and I am load balancing between the 2 of them in a per packet fashion without IPSec enabled on the serial links and everything works fine. When I applied the crypto maps on the serial interfaces the load balancing stops working and all the traffic goes only over one of the serial links. I have tried different IOS versions (12.4(3g), 12.4(13), 12.3(22) with the same issue, I was wondering if I have something wrong in the config, I am attaching some outputs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Tue, 03/27/2007 - 07:24
User Badges:
  • Silver, 250 points or more

It look like , you hitting the bug:CSCeb03516.

Workaround: Configure GRE tunnels, then route this traffic over a crypto enabled interface that encrypt this traffic. 'ip

load-sharing per-packet' will be configured on the tunnel and crypto interface.


This Discussion