Hi
We have deployed a 2800 at the central site and 837s at the remote user sites (hub and spoke topology). We configured EASY VPN on these routers and, when we rolled them out, they all connected without at issue.
However, now, it is necessary to re-address all the remote subnets. Whislt doing this, we have configured new DHCP pools and new ethernet addresses. On some of the routers (about 40 percent) the IKE and IPSec SAs are immediately re-negotitated and traffic passes (extended pings) through the VPN to the central site and beyond. But in the remainder, the IKE and IPSec SAs are negotiated, but the extended pings fail. On some of these, when one changes the IP address of the ethernet back, extended pings are successful. On the remaining routers, no traffic is encrypted.
Has anyone seen this behaviour before? Any ideas on the fix?
Any help would be much appreciated, as this is now becoming a problem.
Rgds
Marc