Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
0
Helpful
1
Replies

MPLS Aware IPSec VPN using SPA-IPSEC-2G

p.danielsen
Level 1
Level 1

‎11-24-2007 12:09 PM - edited ‎02-21-2020 03:23 PM

Question everyone on a strange problem,

I just setup up a configuration running MPLS aware IPSec VPN using an SPA-IPSEC-2G module,

If I from the internal interface, try to ping the remote end, of the VPN tunnel, there is no problem, then I add a router on the backend of the central VPN router, connected direct to the same IP subnet, the backend router, is not able to ping the inside interface of the central VPN router, when removing "crypto map TEST" its possible to ping between Backend and Central VPN,

Tried to put on an access-list on the interface,when "crypto map" is off, the access-list counts up, when adding the "crypto map" nothing happens on the access-list,

[backend] 172.31.110.128/28 [Central VPN] 131.x.x.64/28 [@] 131.x.x.252/30 [Remote VPN] 172.31.110.1 [loopback]

Configuration is don by using interface Vlan ,

Any hints,

Best regards

Peter

Labels:
0 Helpful
1 Reply 1

smalkeric
Level 6
Level 6

‎11-29-2007 02:28 PM

crypto map should not be applied to an interface if there is a entry with no match address defined.

http://www.cisco.com/en/US/products/hw/routers/ps368/module_installation_and_configuration_guides_chapter09186a00804d35a6.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents