Cisco Support Community
New Member

VPN IPSec routing problems

Hi

I'm having some problems routing packets to internal hosts through an IPSec tunnel.

The tunnel is mounted correctly, but when I try to ping any internal host (i.e. 192.168.2.1) I receive an ICMP reply from the public IP (the IP of the tunnel end). I cannot telnet to hosts, etc.

When I configure reverse route I receive ICMP replies (from the public IP); when I remove the reverse route command I don't receive any answer.

Any suggestions?

thanks a lot

1 REPLY
New Member

Re: VPN IPSec routing problems

Before enabling reverse route, IP routing should be enabled, and static routes should be redistributed if dynamic routing protocols are to be used to propagate RRI-generated static routes. If RRI is applied to a crypto map, that map must be unique to one interface on the router. In other words, the same crypto map cannot be applied to multiple interfaces. If more than one crypto map is applied to multiple interfaces, routes may not be cleaned up correctly. If multiple interfaces require a crypto map, each must use a uniquely defined map. In the case of the reverse route command and remote peer keyword options, two routes are created for each unique IP Security (IPSec) security association (SA) flow pair. The two-route creation may lead to large numbers of routes being injected into routing tables.

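The preconditions listed in the reply (IP routing enabled, an RRI crypto map applied to only one interface, static routes redistributed under the routing process) can be checked against a saved configuration. The script below is an added example, not part of the original thread and not a Cisco tool; the function name `audit_rri`, the map name and the addresses are constructed, and it assumes the usual IOS layout in which sub-commands are indented under their parent line.

```python
import re
from collections import defaultdict
# Constructed sample running-config; names and addresses are hypothetical.
SAMPLE_CONFIG = """\
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 match address 101
 reverse-route
interface Serial0/0
 crypto map VPNMAP
interface Serial0/1
 crypto map VPNMAP
router ospf 1
 network 192.168.2.0 0.0.0.255 area 0
"""

def audit_rri(config):
    """Check a config against the RRI preconditions stated in the reply."""
    rri_maps, applied, routers = set(), defaultdict(list), {}
    section = (None, None)  # (kind, name) of the current top-level block
    for line in config.splitlines():
        cmd = line.strip()
        if not cmd or cmd == "!":
            continue
        if not line.startswith(" "):  # unindented line opens a new block
            head, _, rest = cmd.partition(" ")
            m = re.match(r"crypto map (\S+) \d+", cmd)
            section = ("map", m.group(1)) if m else (head, rest)
            if head == "router":
                routers.setdefault(rest, False)
            continue
        kind, name = section
        if kind == "map" and cmd.startswith("reverse-route"):
            rri_maps.add(name)  # RRI is enabled on this crypto map
        elif kind == "interface" and cmd.startswith("crypto map "):
            applied[cmd.split()[2]].append(name)  # map name -> interfaces
        elif kind == "router" and cmd.startswith("redistribute static"):
            routers[name] = True
    disabled = re.search(r"^no ip routing\s*$", config, re.M)
    findings = ["IP routing is disabled"] if disabled else []
    for name in sorted(rri_maps):
        if len(applied[name]) > 1:  # an RRI map must be unique to one interface
            findings.append(f"RRI map {name} is applied to: " + ", ".join(applied[name]))
    if rri_maps:  # RRI routes are static, so they propagate only if redistributed
        findings += [f"router {r} lacks 'redistribute static'" for r, ok in routers.items() if not ok]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_rri(SAMPLE_CONFIG)))
```

The redistribution finding matters only when a dynamic routing protocol is meant to propagate the RRI-generated routes, as the reply notes.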