I have a problem that has been puzzling me for a long time now. I have an 800 series router connected to the Internet through ADSL. This line is used as a backup link to our data center from our main office. To accomplish this in a secure and transparent way, I built a GRE tunnel between the 800 and the edge router in the DC, with the intention of protecting it with IPSec.
So the tunnel is up and I can connect to every device and server in the DC from the office, but the moment I put the protection on the tunnel, I can only reach the border router and no other downstream device anymore.
A diagram to illustrate:
GRE w/o IPSec
(Office):870:Tu0---->GRE through Internet----->Tu0:BorderRouter----->DistributionL3switch---->Servers; It works along the whole path.
GRE w/ IPSec (using tunnel protection ipsec)
(Office):870:Tu0---->GRE through Internet----->BorderRouter--X-->DistributionL3switch---->Servers; It works up to the border router interfaces, but I get no responses from downstream devices. If I test from the servers upstream, I can only reach the L3 switch interfaces, but no further.
I've checked configs, routing, changed to crypto maps... Nothing. Any idea?
Thanks in advance