08-04-2010 02:26 PM
Have this weird issue with VTI tunnels on a 7606 running 12.2(33)SRE1 and several remote offices.
1. When IPSec communication is established between two remote offices (this is with two VTI tunnels to the 7606), one remote office fails to connect to the other office unless we send the whole EIGRP routes belonging to the remote offices. When only the 0.0.0.0/0 route is sent from the 7606 to the remote offices, the remote offices can't communicate with each other.
2. When one remote office is VTI and the other office is a plain GRE tunnel, they can't communicate at all unless we add the tunnel checksum command at either side, but we would like to avoid it due to resource consumption.
Any help is greatly appreciated since we don't want to send the whole EIGRP table to each and every remote office.
Central Site 7606:
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key 5KJfjp$6Q1@4f4xi address 10.10.1.253
crypto isakmp keepalive 60 10
!
crypto ipsec security-association lifetime kilobytes 1000000
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC
 set transform-set ESP-AES256-SHA
 set pfs group5
!
interface Tunnel1
 description to remote office 1
 bandwidth 10000
 ip address 10.10.1.78 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 KEY
 ip flow ingress
 ip flow egress
 load-interval 60
 delay 100
 tunnel source 10.10.1.78
 tunnel mode ipsec ipv4
 tunnel destination 10.10.1.253
 tunnel protection ipsec profile IPSEC
 max-reserved-bandwidth 100
!
08-09-2010 03:44 PM
Help please!
Any ideas why two remote offices can't communicate between them through a 7606 when one office is a VTI tunnel to the 7606 and the other office is plain GRE?
They won't talk unless the "tunnel checksum" is enabled on the GRE connection, but since it's CPU intensive we can't use it.
Thanks, Jorge