sw tunnel through a 3002 hw tunnel fails

johan.bjorni
Level 1

Situation:

PC--neta-->3002----internet--->3005---netb--->FW---internet---->PIX

I can establish a vpn tunnel with PIX from netb from a PC. When I try to establish a tunnel from PC on neta it fails.

Anyone know if it is possible to have a sw tunnel inside a 3002 hw tunnel? I have tried different mtu settings on the PC.

The client (3.6.6) error is DEL_REASON_PEER_NOT_RESPONDING.

1 Reply

gfullage
Cisco Employee

I presume the existing tunnel is between the 3002 and the 3005, not the PIX, correct? What version are you running on the 3005?

There is a bug in 3.6 code where the concentrator will just blindly strip off IPSec headers on a packet until it gets to a non-IPSec header, even though those headers may not be destined for it specifically. For example, it would strip off the IPSec header for the 3002-3005 tunnel, but then it would see another IPSec header for the PC-PIX tunnel; rather than forward this on, it will strip off this IPSec header also, then drop the packet because it's not valid for it.

Bug ID is CSCdz38146, details are here:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz38146&Submit=Search

Upgrade to one of the Fixed-In Versions and it should resolve your problem.
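
A minimal model of the decapsulation behaviour described in the reply above, added here as an illustration; it is not part of the original thread and is not Cisco's code. The packet model, the addresses (documentation ranges) and the function and parameter names are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Union

ESP = 50  # IP protocol number for IPsec ESP

@dataclass
class Packet:
    src: str
    dst: str
    proto: int                        # protocol carried by this IP header
    payload: Union["Packet", bytes]   # tunnel-mode ESP: the inner IP packet

# Constructed addresses standing in for the devices in the diagram.
PC, HW3002, C3005, PIX = "10.0.0.10", "192.0.2.2", "192.0.2.5", "198.51.100.1"

# PC -> PIX software tunnel: ciphertext only the PIX can open.
inner = Packet(PC, PIX, ESP, b"<ciphertext for PIX>")
# 3002 -> 3005 hardware tunnel carrying that packet.
nested = Packet(HW3002, C3005, ESP, inner)

def decap(pkt, my_addr, sa_peers, check_dst):
    """Process a packet arriving at the concentrator `my_addr`.

    sa_peers:  peers this device holds an IPsec SA with.
    check_dst: False models the behaviour described in the reply (strip every
               ESP header until a non-IPsec header is found); True models the
               expected behaviour (only open ESP addressed to this device).
    Returns (action, packet) where action is "forward" or "drop".
    """
    while pkt.proto == ESP:
        if check_dst and pkt.dst != my_addr:
            break  # ESP for another endpoint: transit traffic, leave it intact
        if pkt.dst != my_addr or pkt.src not in sa_peers:
            return ("drop", pkt)  # no matching SA, header cannot be validated
        pkt = pkt.payload         # strip this ESP layer
    return ("forward", pkt)

if __name__ == "__main__":
    for mode in (False, True):
        action, out = decap(nested, C3005, {HW3002}, check_dst=mode)
        print(f"check_dst={mode}: {action} {out.src} -> {out.dst}")
```

With `check_dst=False` the inner PC-to-PIX packet is dropped at the 3005, which matches the client never hearing back from its peer; with `check_dst=True` it is forwarded on with its ESP header untouched.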