Has anyone out there got a working IPSec config for an 827 using a dialer interface that they can send me?
I have converted a config from a serial interface router and find the outbound tunnel packets are encrypted but not transmitted, as NAT is taking over and the ACL is denying them. The crypto session is up okay, and I can send packets the other way.
The NAT config is exactly the same as for a serial router which bench tests fine, without NAT'ing tunnel packets.
That example was one of the ones I've been working from. My scenario has static IPs at both sites, with an e-mail server at the main site running through an 805, which is similar to the Cisco example http://www.cisco.com/warp/customer/707/static.html
I think the problem is related to the 827 having an ATM interface, the ATM subinterface and the Dialer interface, because the exact same config works fine on a serial interface router. I have the local Cisco folk also scratching their heads!
Found the problem. It's called Cisco IOS 12.1(3)XG3
as per the release notes:
For IPSec to work properly on some IPSec interfaces, fast switching must be explicitly disabled by entering the commands no ip route-cache and no ip mroute-cache. This might impact IPSec functionality under certain encapsulation modes.
For example, if you use a dialer interface to configure PPP over ATM encapsulation or PPP over Ethernet encapsulation and apply IPSec to the interface, fast switching must be explicitly disabled for IPSec to work. For a bridge group virtual interface to function properly as an IPSec interface, fast switching must also be disabled. IPSec works properly with fast switching enabled when applied on other interfaces, such as ATM or virtual interfaces.
Fast switching is automatically enabled by default. To work around this problem, disable fast switching on IPSec interfaces.
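An added example, not part of the thread or of Cisco's documentation: a Python check that scans an IOS configuration for Dialer or BVI interfaces that carry a crypto map but lack the two commands named in the release note quoted above. The sample configuration and the crypto map name VPNMAP are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread). Dialer1 carries a crypto map
# with fast switching still on; BVI1 already has the workaround applied.
SAMPLE_CONFIG = """\
interface ATM0
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer1
 encapsulation ppp
 dialer pool 1
 crypto map VPNMAP
!
interface BVI1
 no ip route-cache
 no ip mroute-cache
 crypto map VPNMAP
!
"""

REQUIRED = ("no ip route-cache", "no ip mroute-cache")
AFFECTED = re.compile(r"(Dialer|BVI)\d", re.IGNORECASE)  # types named in the release note


def interface_blocks(config):
    """Map each interface name to the list of its stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or any top-level command closes the block
    return blocks


def missing_workaround(config):
    """Return {interface: [missing commands]} for IPSec dialer/BVI interfaces."""
    findings = {}
    for name, cmds in interface_blocks(config).items():
        has_crypto = any(c.startswith("crypto map ") for c in cmds)
        missing = [r for r in REQUIRED if r not in cmds]
        if AFFECTED.match(name) and has_crypto and missing:
            findings[name] = missing
    return findings
```

Calling missing_workaround() on the text of a saved running configuration returns a dictionary of the interfaces that still need the commands; an empty dictionary means none were found.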
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :