We have deployed a 2800 at the central site and 837s at the remote user sites (hub and spoke topology). We configured EASY VPN on these routers and, when we rolled them out, they all connected without at issue.
However, now, it is necessary to re-address all the remote subnets. Whislt doing this, we have configured new DHCP pools and new ethernet addresses. On some of the routers (about 40 percent) the IKE and IPSec SAs are immediately re-negotitated and traffic passes (extended pings) through the VPN to the central site and beyond. But in the remainder, the IKE and IPSec SAs are negotiated, but the extended pings fail. On some of these, when one changes the IP address of the ethernet back, extended pings are successful. On the remaining routers, no traffic is encrypted.
Has anyone seen this behaviour before? Any ideas on the fix?
Any help would be much appreciated, as this is now becoming a problem.
The Cisco 827 router is usually a DSL customer premises equipment (CPE). In this sample configuration, the Cisco 827 is configured for Point-to-Point Protocol over Ethernet (PPPoE) and is used as a peer in a LAN-to-LAN IPSec tunnel with a Cisco 3600 router. The Cisco 827 is also doing Network Address Translation (NAT) overloading to provide Internet connection for its internal network.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...