cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1568
Views
0
Helpful
4
Replies

IPSec VPN tunnel with a Juniper M7i router and a Cisco 3845

jrtuckiii
Level 1
Level 1

Currently, I have an IPSec VPN tunnel that is working between a Juniper M7i router and Cisco 3845 router. The Juniper M7i is in the corporate Internet Gateway while the Cisco 3845 is located at a new remote site we are trying to bring up. I have no issues pinging or tracerouting from the corporate network to the loopback or LAN ethernet interfaces on the Cisco. However, as soon as I try to ping one hop away from the Cisco LAN interface, I receive 50% packet loss. The Cisco LAN interface directly connects to the LAN switch at the remote site and there are no error between the Cisco interface and LAN switch's interface. I am thinking that there might be something wrong with the Cisco putting the packets in the VPN tunnel. Any help will be appreciated. The Cisco and Juniper configuration are attached.

4 Replies 4

Please check the mtu of both the cisco router and juniper router and ensure they are same. If they are same can increase them?

On the Juniper, I can easily change the MTU size on the tunnel-rule-1.

How do I tell what the MTU is on the Cisco and how do I change the MTU? Can I change the MTU on the crypto map?

Thanks.

Thank you for the help. We found it was the Cisco having the problem. We had to turn off ip cef and ip route cache directly on the interface where the cryto map is and that fixed the problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco