Dynamic VPN on Cisco 7609

Unanswered Question
May 1st, 2008
User Badges:

Dear all,

I am trying to implement Dynamic VPN on a Cisco 7609 (IOS 12.2<18>SXF13) & when I connect to this router through a Cisco VPN Client, an IPSEC tunnel is established.

When I issue "sh crypto ipsec sa" encrypted & decrypted packets are not equal & Split tunneling is also not working properly. Is anyone facing similar issue on this platform as same testing is working fine on low end series routers.

Any help in this regard would be appreciable.


crypto isakmp policy 10

encr 3des

authentication pre-share

group 2


crypto isakmp client configuration group TEST

key test123

pool LOCAL


crypto isakmp profile TESTPROFILE

match identity group TEST

client authentication list USERAUTH

isakmp authorization list USERAUTH

client configuration address respond



crypto ipsec transform-set CISCO esp-3des esp-sha-hmac


crypto dynamic-map DYNAMIC 10

set transform-set CISCO

set isakmp-profile TESTPROFILE




crypto map TESTVPN 10 ipsec-isakmp dynamic DYNAMIC

ip local pool LOCAL

ip access-list extended SPLIT

permit ip any

permit ip any




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Wed, 05/07/2008 - 12:47
User Badges:
  • Silver, 250 points or more

Both encrypted ( to be decrypted ) and unencrypted( to be encrypted ) packets will be sent to the VPN module . and the sum of these two is equal to the packets out figure


This Discussion