New Member

Adding Reverse Route causes 50% loss

I am building some IPSEC tunnels where the remote locations have dynamic IP addresses. It works fine, but I need to add more sites; right now I just have the one. When I add the reverse route statement, I start getting 50% packet loss based on ping responses: "!.!.!.!.!.!.!.!". If I remove the RR it works fine: "!!!!!!!!!!". The question is, what am I doing wrong, or do I really need the reverse route? Right now the ACL is for the one subnet for the current location, but I will be adding more sites. How would I adjust the ACL for more remote subnets if the remote sites are doing split tunneling and the ACLs must match?

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 7200

crypto isakmp key (PASSWORD) address
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 20 periodic

crypto ipsec security-association lifetime seconds 1800

crypto ipsec transform-set NAMECRYPTset esp-3des esp-md5-hmac

crypto dynamic-map NAMECRYPTmap 10
 set transform-set NAMECRYPTset
 match address 115

New Member

Adding Reverse Route causes 50% loss

I removed the reverse route, and also removed "match address 115", as neither is needed in this scenario.

I think this will be what I am needing, but I am still curious as to why the RR appears to drop packets. I don't need it now because I will not be advertising those routes, but I am still wondering.
