Hello, guys. After updating from 12.2(37) -GD- on a 7200 to 12.3(22), only peers on Frame Relay links are able to terminate IPSec tunnels to this 7200. The routers connected to the metroE cannot. If we go back and boot with 12.2(37), the problem disappears. The configuration is the same. Any suggestions? We are authenticating using RSA and we have 2600s and 2800s as spokes.
My mistake not to post the tests we've run and the items checked. One of the elements we first looked into was the ACL on both sides and they match (mirrored). The thing is, with the very same config, we boot with 12.3(xx) and the issue arises. With 12.2(xx) and without touching the configuration, the problem goes away.
This is what we tried so far with 12.3(22) on the hub router:
- Different transform sets: DES and 3DES.
- Crypto ACLs OK.
- Upgrade spoke to 12.2(40).
- PFS group 2.
- Without PFS and IKE PSK.
- 1500-byte MTU checked, but set it to 1300 for testing purposes.
Note: Tens of other routers (same platforms and IOS release) terminate their tunnels over frame relay links without problem. 20 routers (over metro) out of 120 have this problem.