cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
367
Views
0
Helpful
1
Replies

Easy VPN problems - router to router

marcbutler
Level 1
Level 1

Hi

We have deployed a 2800 at the central site and 837s at the remote user sites (hub and spoke topology). We configured EASY VPN on these routers and, when we rolled them out, they all connected without at issue.

However, now, it is necessary to re-address all the remote subnets. Whislt doing this, we have configured new DHCP pools and new ethernet addresses. On some of the routers (about 40 percent) the IKE and IPSec SAs are immediately re-negotitated and traffic passes (extended pings) through the VPN to the central site and beyond. But in the remainder, the IKE and IPSec SAs are negotiated, but the extended pings fail. On some of these, when one changes the IP address of the ethernet back, extended pings are successful. On the remaining routers, no traffic is encrypted.

Has anyone seen this behaviour before? Any ideas on the fix?

Any help would be much appreciated, as this is now becoming a problem.

Rgds

Marc

1 Reply 1

smahbub
Level 6
Level 6

The Cisco 827 router is usually a DSL customer premises equipment (CPE). In this sample configuration, the Cisco 827 is configured for Point-to-Point Protocol over Ethernet (PPPoE) and is used as a peer in a LAN-to-LAN IPSec tunnel with a Cisco 3600 router. The Cisco 827 is also doing Network Address Translation (NAT) overloading to provide Internet connection for its internal network.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009475c.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: