Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC - ESP not working after changing transit router

I replaced a 3640 transit router with a 7204 and it broke my network-to-network tunnel between (2) 2600 IOS VPN. The tunnel is up but the networks can not ping each other. When I failback to the 3640 the networks can ping each other again.

4 REPLIES
Bronze

Re: IPSEC - ESP not working after changing transit router

Hi there,

You will need to do some additional troubleshooting to find out the cause of the problem. What you can do is to check if the 2600 router on one side is encrypting the tunnel. If it is, try and see if the other side is decrypting it and vice-versa. If you are not getting the packets on the other side of the tunnel, then you might have to do debug ip packet with an ACL applied on the 7200 router to see what's going on with the ESP packets

Jazib

New Member

Re: IPSEC - ESP not working after changing transit router

I was able to see that encrypt and decrypt counters were incrementing on both ends when I did a sh crypto engine connections active. But is that ESP?

Bronze

Re: IPSEC - ESP not working after changing transit router

If you saw encrypts/decrypts, then it seems like your router is getting the ESP packets from the other side. Encrypts/decrypts counters are ESP packets, unless you are using NAT-T which is introduced in 12.2(15)T

Jazib

New Member

Re: IPSEC - ESP not working after changing transit router

After futher debug i received this mesage:

3w0d: IP: s=65.118.89.130 (FastEthernet0/0), d=208.45.249.68 (FastEthernet0/1), len 112, encapsulation failed, proto=50

The encapsulation is failing., But it only fails when the 7200 is in place when I replace the router with the legacy transit router everything is ok. Is this an ARP issue. If so where does the problem lie.

127
Views
0
Helpful
4
Replies