Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
bjo
New Member

IPsec LAN-to-LAN with RRI and host routes

I am setting up a LAN-to-LAN connection on a 3030 concentrator, where the "Local network" and "Remote network" are actually host entries (AAA.BBB.CCC.DDD, wildcard mask 0.0.0.0). When I try to enable Reverse route injection for this tunnel, it saves OK (when i Apply), but when I check the config it still says routing is "none", and the logs show an error:

14589 03/05/2003 12:31:30.970 SEV=4 BMGT/29 RPT=6

Attempting to specify an Aggregate Group reservation [ 961150977 bps ] on Group [ AAA.BBB.CCC.DDD ] Interface [ 2 ] which is outside the range of a minimum of...

Surely, this must be a bug?

I have added a static route on the concentrator, but the traffic still doesn't "hit" the tunnel, so something is obviously wrong.

Would there be a better way to configure this (an IPsec tunnel permitting traffic between only two hosts)? E.g. setting up the LAN-to-LAN with the actual subnets, and using a filter to limit the traffic to just the two hosts?

(I have successfully configured several LAN-to-LAN tunnels, using RRI, but that has always been subnet(s)-to-subnet(s), not just host-to-host...)

4 REPLIES
New Member

Re: IPsec LAN-to-LAN with RRI and host routes

Your error message seems to indicate a bandwidth management problem. The traffic on the interface might be exceeeding the bandwidth that has been assigned by you. To see if you have any bandwidth configurations, go to Configuration > Interfaces, choose interface 2 and click 'bandwidth'.

New Member

Re: IPsec LAN-to-LAN with RRI and host routes

This is exactly the same error message that i'm recieving whe trying to establish a LAN-to-LAN link between to 3005 units. Even the bps number (961150977) is exactly the same.

I've check the bandwidth setting for the public IF and the option is not even checked.

can anyone assist please

many thanks

Gary

Oh! not sure if this is of any use - one 3005 is connected using a 2mb leased line, the other is over a 2mb ADSL circuit

New Member

Re: IPsec LAN-to-LAN with RRI and host routes

I got also same error, when i'm tried to estabilish L2L connection.

55435 05/13/2004 16:25:10.300 SEV=4 BMGT/29 RPT=5

Attempting to specify an Aggregate Group reservation [ 961150977 bps ] on Group

[ 192.168.61.2 ] Interface [ 2 ] which is outside the range of a minimum of [ 80

00 bps ] to a maximum of [ 100000000 bps ] (note: the true max is dependant upon

the interface link rate to which the group is applied).

can anyone suggest on that

thanks

bchinbaa

New Member

Re: IPsec LAN-to-LAN with RRI and host routes

I am also having similar message. I checked as per your suggestion. Bandwidth is not enabled. So why this message ?? I do not see any message for this VPN in the vpn-log.

Tried differentIKE propsosals but no difference.

- Also where can i find explanation for VPN messages ?

appreciate your reply,

294
Views
0
Helpful
4
Replies
CreatePlease to create content