Cisco Support Community
Tunnel Leakage?

We have 3 remote sites connected to the main site via a tunnel from a 2621 router at main site to 1721 routers at each remote site via an ISP.

I have been seeing entries in the firewall (PIX) log with the 2621's WAN address as the source address. The WAN interface is connected to the ISP. Similar entries have shown up in the log with each of the 1721s' WAN addresses as the source address. Also, there have been log entries with a public address as the source address. The following is an excerpt of a recent log. Our IP addresses have been changed or x'd.

Mar 15 07:01:11 192.168.3.2/192.168.3.2 %PIX-3-305005: No translation group found for icmp src inside:xxx.xxx.xxx.106 dst outside:69.68.181.31 (type 3, code 3)

Mar 15 07:09:43 192.168.3.2/192.168.3.2 %PIX-3-305005: No translation group found for icmp src inside:xxx.xxx.xxx.106 dst outside:200.117.171.68 (type 3, code 3)

Mar 15 07:29:15 192.168.3.2/192.168.3.2 %PIX-3-305005: No translation group found for udp src inside:152.163.0.0/123 dst outside:207.46.130.100/123

The 2621 has a default route to the main network router to provide Internet access to the remote sites. The 1721s have a default route to the 2621's tunnel interface for each site.

Any help would be appreciated.

Thanks,

Roger
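
Added example, not part of the original post: a small parser for the %PIX-3-305005 entries quoted above that groups them by source address and marks sources that fall outside the networks the PIX is expected to translate. The `TRANSLATED_INSIDE` range and the function names are assumptions; the log lines are copied from the post as written.

```python
import ipaddress
import re

# Assumption: the inside networks this PIX has nat/global or static rules for.
TRANSLATED_INSIDE = [ipaddress.ip_network("192.168.0.0/16")]

# The three entries from the post, unchanged (the first two sources were x'd by the poster).
LOG = """\
Mar 15 07:01:11 192.168.3.2/192.168.3.2 %PIX-3-305005: No translation group found for icmp src inside:xxx.xxx.xxx.106 dst outside:69.68.181.31 (type 3, code 3)
Mar 15 07:09:43 192.168.3.2/192.168.3.2 %PIX-3-305005: No translation group found for icmp src inside:xxx.xxx.xxx.106 dst outside:200.117.171.68 (type 3, code 3)
Mar 15 07:29:15 192.168.3.2/192.168.3.2 %PIX-3-305005: No translation group found for udp src inside:152.163.0.0/123 dst outside:207.46.130.100/123
"""

PATTERN = re.compile(
    r"%PIX-3-305005: No translation group found for (?P<proto>\S+) "
    r"src (?P<sif>[^:\s]+):(?P<src>[^/\s]+)(?:/(?P<sport>\d+))? "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[^/\s]+)(?:/(?P<dport>\d+))?"
    r"(?: \(type (?P<itype>\d+), code (?P<icode>\d+)\))?"
)

def classify(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "redacted"  # e.g. xxx.xxx.xxx.106: cannot be checked against a network
    if any(addr in net for net in TRANSLATED_INSIDE):
        return "expected-inside"
    return "unexpected-source"

def describe(m):
    """Name the traffic: ICMP type 3 code 3 is port unreachable, UDP 123 is NTP."""
    if m["proto"] == "icmp" and (m["itype"], m["icode"]) == ("3", "3"):
        return "icmp port-unreachable"
    if m["proto"] == "udp" and m["sport"] == m["dport"] == "123":
        return "ntp"
    return m["proto"]

def summarize(text):  # group 305005 entries by the source address logged on "inside"
    out = {}
    for m in filter(None, map(PATTERN.search, text.splitlines())):
        e = out.setdefault(m["src"], {"class": classify(m["src"]), "count": 0,
                                      "kinds": set(), "dsts": set()})
        e["count"] += 1
        e["kinds"].add(describe(m))
        e["dsts"].add(m["dst"])
    return out

if __name__ == "__main__":
    for src, e in summarize(LOG).items():
        print(src, e["class"], e["count"], sorted(e["kinds"]), sorted(e["dsts"]))
```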

1 REPLY

Re: Tunnel Leakage?

The PIX may be stopping passage of traffic. A reload may solve the problem. If there is a huge number of access-lists, turbo ACL should be enabled (access-list compiled). A performance drop is normally a matter of too big an ACL or too much traffic. It could be that there is a memory problem.
