01-22-2008 01:06 AM - edited 03-09-2019 07:55 PM
SCENARIO:
-3800X2 connected through leased line
-routing protocol is RIP
-vpn with gre configured
-(access-list permit gre host 192.168.1.1 host 192.168.1.2)
OBSERVATION:
-Without transferring any traffic from point lanA to point lanB, sh crypto ipsec sa will show packets encrypted, which I could say are the RIP updates.
-Pinging from lanA to lanB doesn't make any difference in the packets encrypted and decrypted in SHOW CRYPTO IPSEC SA. Encrypted traffic is increased, but they are from the RIP updates (not from my continuous ping).
QUESTION:
-How will I encrypt my traffic from lanA to lanB?
01-22-2008 06:41 AM
In order to encrypt traffic from LanA to LanB, traffic has to flow across the GRE Tunnel first and then GRE will be encrypted by IPSEC.
So, if you do a show ip route xxx for LanB on the LanA router, does it point to the tunnel? If this deployment is in production and you do not want to play with the dynamic routing table to test, can you add a simple static route just for one host to point to the GRE Tunnel and test it?
I hope it helps
Regards,
Arul
** Please rate if it helps **
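Added example, not part of the original thread: a small Python model of the forwarding decision described in the reply above, showing why a ping whose route points at the leased line never matches a crypto ACL that only permits GRE between the tunnel endpoints. The LAN prefixes, the /30 mask, the host 10.2.2.10 and the interface names `Serial0/0/0` and `Tunnel0` are assumptions; only 192.168.1.1 and 192.168.1.2 come from the post.

```python
import ipaddress

# From the post's ACL: permit gre host 192.168.1.1 host 192.168.1.2
TUNNEL_SRC, TUNNEL_DST = "192.168.1.1", "192.168.1.2"
CRYPTO_ACL = [("gre", TUNNEL_SRC, TUNNEL_DST)]

# Constructed routing table on the LAN A router (assumed values):
# LAN B (10.2.2.0/24) is learned via RIP over the leased line.
ROUTES_BEFORE = [
    ("192.168.1.0/30", "Serial0/0/0"),   # connected leased line
    ("10.2.2.0/24", "Serial0/0/0"),      # RIP route to LAN B
]
# Same table plus the single static host route suggested in the reply.
ROUTES_AFTER = ROUTES_BEFORE + [("10.2.2.10/32", "Tunnel0")]


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(routes, proto, src, dst):
    """Return (physical egress interface, matched_crypto_acl) for one packet."""
    out = lookup(routes, dst)
    if out is None:
        return (None, False)
    if out == "Tunnel0":
        # GRE encapsulation: the outer header is tunnel source -> destination,
        # and that outer packet is what the crypto ACL is evaluated against.
        proto, src, dst = "gre", TUNNEL_SRC, TUNNEL_DST
        out = lookup(routes, dst)
        if out in (None, "Tunnel0"):
            return (None, False)  # no path, or recursive routing via the tunnel
    return (out, (proto, src, dst) in CRYPTO_ACL)


if __name__ == "__main__":
    ping = ("icmp", "10.1.1.10", "10.2.2.10")
    print("before:", forward(ROUTES_BEFORE, *ping))
    print("after: ", forward(ROUTES_AFTER, *ping))
```

In this model only the host covered by the static route is protected; other LAN B hosts keep following the RIP route over the leased line unencrypted until their route also points at the tunnel.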
01-22-2008 10:06 PM
rip route remains and I could reach the other end. There's no problem with the connectivity now and I could see the isakmp sa and ipsec sa doing their job.
The problem is we have to make sure that traffic between lanA and lanB is secured. I couldn't see that in SH CRYPTO IPSEC SA. I could see only a few, which I guess are the RIP-related thing, coz it does increase only after, say, 40 sec.