I do have an issue with VPN clients. The VPN client can connect, but no traffic is routed. I switched on debugging and notice that a packet is decrypted sucessful but dropped by CEF.
I got following messages:
post_crypto_ip_decrypt: Data just decrypted, 52 bytes
PostDecrypt: Particle based pak cef switched 3
CEF-Drop: Stalled adjacency for 0.0.0.0 on Virtual-Access2 for destination ...
Does anybody have an idea?
C2811 IOS 12.4(15)T1
VPN Client WindowsXP 5.0, MacOS X, ...
Here is a part of the config
no ip address
ip address 192.168.2.1 255.255.255.0
no ip proxy-arp
ip nat inside
interface Virtual-Template2 type tunnel
ip unnumbered Loopback0
tunnel source Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
crypto isakmp client configuration group XXX
dns 192.168.2.21 192.168.2.22
wins 192.168.2.2 192.168.2.23
crypto isakmp profile sdm-ike-profile-1
match identity group XXX
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
This config was working with IOS 12.4(11)XJ2.