Hi,
I do have an issue with VPN clients. The VPN client can connect, but no traffic is routed. I switched on debugging and notice that a packet is decrypted sucessful but dropped by CEF.
I got following messages:
post_crypto_ip_decrypt: Data just decrypted, 52 bytes
PostDecrypt: Particle based pak cef switched 3
CEF-Drop: Stalled adjacency for 0.0.0.0 on Virtual-Access2 for destination ...
Does anybody have an idea?
C2811 IOS 12.4(15)T1
VPN Client WindowsXP 5.0, MacOS X, ...
Here is a part of the config
ip cef
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
description LAN
ip address 192.168.2.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Virtual-Template2 type tunnel
ip unnumbered Loopback0
ip virtual-reassembly
tunnel source Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
crypto isakmp client configuration group XXX
key YYY
dns 192.168.2.21 192.168.2.22
wins 192.168.2.2 192.168.2.23
domain mydomain.com
pool Pool_VPN
acl 100
save-password
split-dns mydomain.com
max-users 4
!
crypto isakmp profile sdm-ike-profile-1
match identity group XXX
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 2
!
This config was working with IOS 12.4(11)XJ2.