Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
2
Replies

IPSec VPN and CEF load-balance per packet

vicente.madrigal
Level 1
Level 1

‎03-21-2007 08:46 AM - edited ‎02-21-2020 02:56 PM

Hi all,

I am having problems with CEF load balancing and a pair of VPN IPSec tunnels. Basically I have 2 serial links and I am load balancing between the 2 of them in a per packet fashion without IPSec enabled on the serial links and everything works fine. When I applied the crypto maps on the serial interfaces the load balancing stops working and all the traffic goes only over one of the serial links. I have tried different IOS versions (12.4(3g), 12.4(13), 12.3(22) with the same issue, I was wondering if I have something wrong in the config, I am attaching some outputs.

Labels:
Preview file
13 KB
0 Helpful
2 Replies 2

didyap
Level 6
Level 6

‎03-27-2007 07:24 AM

It look like , you hitting the bug:CSCeb03516.

Workaround: Configure GRE tunnels, then route this traffic over a crypto enabled interface that encrypt this traffic. 'ip

load-sharing per-packet' will be configured on the tunnel and crypto interface.

0 Helpful

vicente.madrigal
Level 1
Level 1
In response to didyap

‎03-27-2007 10:02 AM

Hi didyap,

I am not able to find that bug ID (CSCeb03516), could you send me the link or the bug description?

regards!

vicente

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents