Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Upgrade from 12.2 to 12.3 breaks IPSec

I recently upgraded a 1710 router from 12.2 to 12.3. The router was setup to do IPSec/GRE tunnels. After the upgrade, the router refuses to encapsulate any interesting traffic?! I checked and the config looks the same except for some misc. commands that 12.3 added. The ACL's and routing are the same. However, when I generate traffic for the tunnel the "sho cry ips sa" command shows 0 packets encap and 0 packet send errors. I removed and reapplied the crypto maps and that didn't do any good.

Any suggestions?

Thanks,

Diego

1 REPLY
New Member

Re: Upgrade from 12.2 to 12.3 breaks IPSec

Before the router encrypts data it must successfully negotiate the Key and Encryption Domain.

Are you getting a successful phase 1 negotiation?

If you do a "show crypto isa sa" does your router show QM_IDLE with the peer.

In your Source / Dest columns is it using your outbound ISP address or the GRE Source address? (i.e Did the default mode change Tunnel vs. Transport modes)

~ron

CCNP, CCDA, CNE

78
Views
0
Helpful
1
Replies