While sorting out a different issue for a customer, I noticed that their crypto configurations weren't working (no output from show crypto isakmp sa). At first glance I thought the problem was down to the ACLs being wrong for GRE over IPSEC, as they were configured for the LAN ranges instead of the GRE tunnel source and destination IP addresses.
I undertook to help them out, though it isn't my field of expertise, but I've got a bit stuck.
The (unencrypted) tunnel works fine, and EIGRP forms an adjacency over it.
The branch router is running 12.3 and the core router 12.2. Because of this, I though I'd need to apply the crypto map to both the tunnel and physical interface of the core router, but just to the physical interface of the branch router.
However, it all works fine until I apply the crypto map to the physical interface of the branch router - I lose connectivity and the only way I can get back onto the device is by reloading it. I've also tried applying the crypto map to the tunnel. This allows the tunnel to work, but the encryption still doesn't come up. If I apply it to both the tunnel and the physical interface, I lose connectivity as before.
The configurations as applied are below along with a abridged "show version" for each router. Can anyone help? Upgrading the software is only likely to be an option if it is definitely not solvable in any other way. BTW - both routers have a VPN module, but the one in the branch router appears not to be recognised by the IOS running. I didn't think this would be a problem in itself, though I know it would affect performance.
I mean u have created VPN's between two routers. Transport mode means your VPN tunnels and interesting traffic are same, so generate traffic from the interesting traffice machine (Router) that to extended ping u have to use and check the packets are flowing or not.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...