Dynamic VPN on Cisco 7609

Unanswered Question
May 1st, 2008
User Badges:

Dear all,


I am trying to implement Dynamic VPN on a Cisco 7609 (IOS 12.2<18>SXF13) & when I connect to this router through a Cisco VPN Client, an IPSEC tunnel is established.


When I issue "sh crypto ipsec sa" encrypted & decrypted packets are not equal & Split tunneling is also not working properly. Is anyone facing similar issue on this platform as same testing is working fine on low end series routers.


Any help in this regard would be appreciable.


**************************************

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group TEST

key test123

pool LOCAL

acl SPLIT

crypto isakmp profile TESTPROFILE

match identity group TEST

client authentication list USERAUTH

isakmp authorization list USERAUTH

client configuration address respond

!

!

crypto ipsec transform-set CISCO esp-3des esp-sha-hmac

!

crypto dynamic-map DYNAMIC 10

set transform-set CISCO

set isakmp-profile TESTPROFILE

reverse-route

!

!

crypto map TESTVPN 10 ipsec-isakmp dynamic DYNAMIC


ip local pool LOCAL 172.16.1.1 172.16.1.254


ip access-list extended SPLIT

permit ip 172.16.0.0 0.0.255.255 any

permit ip 192.168.0.0 0.0.255.255 any


**************************************



Regards,


Akhtar

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Wed, 05/07/2008 - 12:47
User Badges:
  • Silver, 250 points or more

Both encrypted ( to be decrypted ) and unencrypted( to be encrypted ) packets will be sent to the VPN module . and the sum of these two is equal to the packets out figure


Actions

This Discussion