IPSec VPN tunnel with a Juniper M7i router and a Cisco 3845

Unanswered Question
Apr 15th, 2009
User Badges:

Currently, I have an IPSec VPN tunnel that is working between a Juniper M7i router and Cisco 3845 router. The Juniper M7i is in the corporate Internet Gateway while the Cisco 3845 is located at a new remote site we are trying to bring up. I have no issues pinging or tracerouting from the corporate network to the loopback or LAN ethernet interfaces on the Cisco. However, as soon as I try to ping one hop away from the Cisco LAN interface, I receive 50% packet loss. The Cisco LAN interface directly connects to the LAN switch at the remote site and there are no error between the Cisco interface and LAN switch's interface. I am thinking that there might be something wrong with the Cisco putting the packets in the VPN tunnel. Any help will be appreciated. The Cisco and Juniper configuration are attached.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
stephen.sanyaol... Wed, 04/15/2009 - 05:38
User Badges:

Please check the mtu of both the cisco router and juniper router and ensure they are same. If they are same can increase them?

jrtuckiii Wed, 04/15/2009 - 06:24
User Badges:

On the Juniper, I can easily change the MTU size on the tunnel-rule-1.

How do I tell what the MTU is on the Cisco and how do I change the MTU? Can I change the MTU on the crypto map?


jrtuckiii Thu, 04/16/2009 - 04:25
User Badges:

Thank you for the help. We found it was the Cisco having the problem. We had to turn off ip cef and ip route cache directly on the interface where the cryto map is and that fixed the problem.


This Discussion