I have a 3660 with two T1's from different providers, running BGP. Our ASN space is on f0/0, with the two T1 serial interfaces having a serial address on their respective provider's networks.
I am attempting to set up an IPSec tunnel, and have done so from either of the serial interfaces (the way I normally do it in smaller offices with a single T1). I then reconfigure the crypto map to be on f0/0, and make other relevant changes on both sides to source this traffic from f0/0. The IPSec negotiates, makes its way thorugh, and on the 3660, I even see an EIGRP peer come up with the remote. This peer eventually drops, and examining the sa's shows that the remote sends, and the 3660 receives, but no packets ever leave the 3660 (on the sa).
Any suggestions on where to start looking for this one, or is there a better/recomended/sample config of a similar setup I could look at?
It's not a recursive route problem....I've seen those before.
I have "solved" it by modifying the remote side as follows:
-add isakmp keys for both serial interfaces (delete the f0/0 isakmp key)
-add a "set peer" for each serial address on the remote (in my crypto map)
-remove the crypto map from f0/0 on the 3660, add it to both serial interfaces.
The rest ramins the same. My GRE tunnel interface on the remote still opints to the f0/0 address on the 3660, and my "match address" list on both routers still goes to/from the f0/0 ip address on the 3660.
I believe this configuration will work if I lose a T1 on the 3660, but I'll need to simulate the failure after hours.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...