Cisco Support Community

New Member

Adding Reverse Route causes 50% loss

I am building some IPSEC tunnels where the remote locations have Dynamic IP addresses. It works fine, but I need to add more sites; right now I just have the one. When I add the reverse route statement, I start getting 50% packet loss based on ping responses "!.!.!.!.!.!.!.!". If I remove the RR it works fine: "!!!!!!!!!!". Question is, what am I doing wrong, or do I really need the reverse route? Right now the ACL is for the one subnet for the current location, but I will be adding more sites. How would I adjust the ACL for more remote subnets if the remote sites are doing split tunneling and the ACLs must match?

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 7200
!
crypto isakmp key (PASSWORD) address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 20 periodic
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set NAMECRYPTset esp-3des esp-md5-hmac
!
crypto dynamic-map NAMECRYPTmap 10
 set transform-set NAMECRYPTset
 match address 115

1 REPLY
New Member

Adding Reverse Route causes 50% loss

I removed the reverse route, and also removed "match address 115", as neither is needed in this scenario.

I think this will be what I am needing, but I am still curious as to why the RR appears to drop packets. I don't need it now because I will not be advertising those routes, but still wondering.
