I am setting up a LAN-to-LAN connection on a 3030 concentrator, where the "Local network" and "Remote network" are actually host entries (AAA.BBB.CCC.DDD, wildcard mask 0.0.0.0). When I try to enable Reverse route injection for this tunnel, it saves OK (when i Apply), but when I check the config it still says routing is "none", and the logs show an error:
14589 03/05/2003 12:31:30.970 SEV=4 BMGT/29 RPT=6
Attempting to specify an Aggregate Group reservation [ 961150977 bps ] on Group [ AAA.BBB.CCC.DDD ] Interface [ 2 ] which is outside the range of a minimum of...
Surely, this must be a bug?
I have added a static route on the concentrator, but the traffic still doesn't "hit" the tunnel, so something is obviously wrong.
Would there be a better way to configure this (an IPsec tunnel permitting traffic between only two hosts)? E.g. setting up the LAN-to-LAN with the actual subnets, and using a filter to limit the traffic to just the two hosts?
(I have successfully configured several LAN-to-LAN tunnels, using RRI, but that has always been subnet(s)-to-subnet(s), not just host-to-host...)
Your error message seems to indicate a bandwidth management problem. The traffic on the interface might be exceeeding the bandwidth that has been assigned by you. To see if you have any bandwidth configurations, go to Configuration > Interfaces, choose interface 2 and click 'bandwidth'.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :