IPSec Crypto - Issue

Unanswered Question
May 22nd, 2008

Hello Experts,

We are running the HUB & SPOKE method. The HUB is the PEER Router and the Spokes are Branch Offices.

Note: 2 PEER Routers at HO

The IPSec is established between the HUB & SPOKE Routers. Normally the scenario is: for a Spoke location, when it has formed an IPSec session with one HUB Router and I execute "sh ip route <spoke_LAN_segment>" at the PEER Router, the result will be known via "STATIC" on the one with which the Crypto Peer has established, and on the other PEER Router the result will be known via RIP.

Now, in recent days, we are receiving complaints from many SPOKE locations that they are unable to open the Application from, for example, 2/5 PCs out of 10 PCs.

During this situation, when I execute "sh ip route <Spoke_LAN_Seg>", the result is known via "STATIC" at both PEER Routers.

In the worst case, we swap the PEER Router relationship and clear the Crypto / SA / Session.

Can someone help / clarify on the same. Thanks in Advance for all your HELP.

Best Regards,

Guru Prasad R

Edison Ortiz Thu, 05/22/2008 - 05:32

Hi Guru,

I'm trying to understand your problem so forgive me if I get it wrong this time around.

It seems you are using static and dynamic routing (RIP). You are relying on RIP for network advertisement and static as a fallback.

There are times when RIP routing is lost and you are wondering why that's happening.

Am I right, thus far?

You can help us by posting configs and show ip route outputs from that situation as well as a network diagram, if available.




