I have a Cisco 2911 that I am configuring for a remote site. I have configured an IPSec tunnel from our main site (ASA 5510). The tunnel is up and I can connect from the main site LAN to the address of the 2911 through the IPSec tunnel. The 2911 is equipped with a 16-port switch service module. The switch is configured with an address and I can open a telnet session to the switch. From that session, I am able to reach hosts on the LAN across the IPSec tunnel. However, when I open a telnet session to the 2911 router, I cannot reach hosts on the main site LAN from that address. When I do, the traffic is sent outside of the tunnel instead of inside it. It works from the service module as traffic between the interfaces has the ACL for interesting traffic applied, but traffic generated from the address of the 2911 router does not seem to get picked up by the ACL on the IPSec tunnel and it is getting the default route applied and going directly to the outside interface instead of to the tunnel. Any ideas on how to make this work?
From the CLI on the 2911, if I ping an address that is on the far side of the tunnel, I get no response. If I traceroute to the same address, it reveals that the traffic is not entering the tunnel and is being sent directly to the outside interface (internet). If I issue the ping command and specify the source address as the inside address of the 2911, it gets a response. If I issue the traceroute and specify the source address as the inside address of the 2911, it also completes and reveals that it goes through the tunnel. My problem is that the 2911 router needs to be able to communicate with a RADIUS server that is on the far side of the tunnel, but by default the traffic from the 2911 to the RADIUS server is going to the outside internet interface instead of through the IPSec tunnel.