Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco 1811 site-to-site Troubleshoot


I have this 1811 model, with two physical interface FA0 and FA1, both connected to ISP. From these two BGP is running and we re using our own IP network.

There are three VPNs site to site with three equipments:

- Juniper


- Cisco router

All these three are connecting here to one of my own BGP network. In order to assing connectivity I defined Vlan interface

interface Vlan100

ip address 86.107.A.*

no ip redirects

no ip unreachables

no ip proxy-arp


All these three VPN access the same resource, an internal server;

So for all three there are three access lists, like this:

access-list 100 permit ip Internal_CLASS VPN1_Remote

access-list 100 permit ip Internal_CLASS VPN2_Remote

access-list 100 permit ip Internal_CLASS VPN3_Remote

All three were on one crypto map:

crypto map NAME 10 ipsec-isakmp



crypto map NAME 20 ipsec-isakmp



crypto map NAME 30 ipsec-isakmp



applied on Fa1. Since Friday it stopped working;

So without any idead I moved VPN 1 crypto map on Fa0 which was free, and it's working fine.

But I am to assign another crypto map on Fa1: the tunnel goes up, but I have only Decapsulated Packets, and no Encapsulation Packets !!

What can I do in this case? Don't understand what went wrong !

Thanks in advance,


New Member

Re: Cisco 1811 site-to-site Troubleshoot


use a loopback for terminating IPSec.

I applied the crypto map on loopback0 and both physical interfaces and use

crypto map MYMAP local-address loopback0

It works even one interface is down.

Regards, Celio

Re: Cisco 1811 site-to-site Troubleshoot

Last evening the ISP on FastEthernet1, where all the crypto maps were originally applied admit that he had serious problems since Friday 'till yesterday afternoon!!

Now I have all three VPN kept into one crypto map on FastEthernet0:

crypto map Fa0_map local-address Vlan100

crypto map Fa0_map 20 ipsec-isakmp

crypto map Fa0_map 30 ipsec-isakmp

crypto map Fa0_map 40 ipsec-isakmp

If I am to create an identical crypto map: Fa1_map and apply it on Fa1 which of the two interfaces will be used for VPN ?

CreatePlease login to create content