Cisco 871, 12.4(22)T: VPN tunnel up, VPN LED not lit
As in the thread title - quite an amusing issue:
An 871 running a site to site IPSec VPN - the tunnel is up and running fine, but the VPN LED is never lit. Do you know what criteria IOS uses on the 800 series to decide whether to light the VPN LED? Does it depend on _which_ interface a crypto map is applied to?
In my case, I have:
fa0,fa1: VLAN20, LAN
fa2,fa3: VLAN10, WAN
It's configured to be sent to a remote site, basically a turn-key setup, so this way it's less likely that someone will have any problems connecting it to their network.
Note that I'm not using fa4 at all - the crypto map is applied to Vlan10 SVI. Can this be the reason why the LED is not lit?
I have a preconfigured "black box" 871 from one of our partners on my network with exactly the same setup (interface-wise) - fa0,fa1 LAN, fa2,fa3 WAN, and the VPN LED is lit. Both 871s run ADVIPSERVICES as they run multicast / PIM.
So, not a critical issue, but I'm just curious - all suggestions very welcome. Any ideas? Can this just be a software / release issue?
Re: Cisco 871, 12.4(22)T: VPN tunnel up, VPN LED not lit
Yes, this looks like a software issue. Have you tried downgrading/upgrading to see if the problem goes away? Even though the VPN LED is not lit, this should not cause any issues with the IPSEC Tunnel itself.
One thing worth mentioning is, if you are not able to upgrade/downgrade, just make sure that you update the end user and help desk on this VPN LED issue and have them include additional steps in troubleshooting.
Also, below is a bug id that you might be interested in - CSCsv01869