Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Dialer Backup link stops working after Crypto Map is applied on the Dialer

Hi,

When the Crypto Map with IPSec configuration is applied on the Dialer Interfaces between two Locations (Branch & Data Center) - I have noticed Branch Location's ISDN Dialer interface configured as Backup for its E1 Leased Line is not establishing the Backup connection to the Data Center. The problem here is after the Crypto Map is applied on the Dialer Interface and when the Primary Leased Line fails, the Branch never places a call to the Data Center (verified on the Data Center router - sh isdn active / sh isdn history). Hence no IP / Layer 3 connectivity.

But when the Crypto Map is removed from the Dialer Interfaces. It all works fine, Branch successfully places a call to the Data Center and then IP Connectivity for forwarding the traffic.

Attached are the configuration of ISDN Backup and the IPSec / Crypto Map configuration of Branch & Data Center.

Please, REQUEST some one to help me solve this problem.

Regards,

Keshava Raju.

3 REPLIES

Re: Dialer Backup link stops working after Crypto Map is applied

Hi,

can you try config the dailer inter as below:

- conf t

- interface

- ip tcp adjust-mss 1200

Hope this helps

regards

pravin

Community Member

Re: Dialer Backup link stops working after Crypto Map is applied

Hi Mr. Praveen,

I have tried configuring ip tcp adjust-mss on the LAN interface of the Branch and the DC Router. Still the status is same and ISDN at the Branch do not work once Crypto Map is applied.

It is a Cisco 3825 Router at both Branch and DC end with IOS 12.4 (3)G.

Can this be a IOS Bug issue? infact i have tried upgrading it to 12.4 (10), downgrading to 12.4 (3) and 12.3 (11)YZ2. Still it does'nt work.

Re: Dialer Backup link stops working after Crypto Map is applied

Hi,

It can be a bug but not so sure.

It seems to be a bit difficult for me to understand the way you have configured the crypto.

I would suggest you to add the dialer interface in the access-list on both sides of the router.

access-list 116 permit ip host 172.255.1.10 128.200.0.0 0.0.255.255

Regards,

Pravin

244
Views
0
Helpful
3
Replies
CreatePlease to create content