Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSEC VPN - Routing issues

Hi,

In one of our 1841 router I have configured IPSEC VPN's and having some issues while routing the traffic. The primary link will be Vlan 10 and secondary will be Cellular 0/0/0 interfaces and IPSEC is configured on both. For routing i am using OSPF for the primary path and a default route with higher AD pointing the Cellular interface for the secondary link when the primary fails.

The problem is, when the primary link fails the secondary link comes up and for some reason the traffic is not getting routed via the Cellular interface link. When I remove the VPN configs from the primary interface the traffic is getting routed via the cellular link and every thing is ok. I know if i use two subents for local lan and the primary links the issue will be fixed, but unfortunately i can't do that.

I guess some one will able to help me out to fix this issue. I have attached a diagram which might be helpful.

Thanks

Rajesh

2 REPLIES

Re: IPSEC VPN - Routing issues

Rajesh,

Could you post the configuration excluding sensitive information?

Thanks

Thot

Community Member

Re: IPSEC VPN - Routing issues

Hi there,

I have pasted my configs below.

interface FastEthernet0/1

shutdown

!

interface FastEthernet0/1/0

switchport access vlan 10

!

interface FastEthernet0/1/1

switchport access vlan 10

!

interface FastEthernet0/1/2

switchport access vlan 10

!

interface FastEthernet0/1/3

switchport access vlan 10

!

interface Cellular0/0/0

ip address negotiated

ip access-group IPSec-Filters-In in

ip access-group IPSec-Filters-Out out

encapsulation ppp

dialer in-band

dialer idle-timeout 0

dialer string gsm

dialer-group 1

ppp authentication chap callin

ppp chap hostname xxxxxxx@xxxxxxxxxx.rdsl

ppp chap password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

crypto map VPN-MAP

!

interface Vlan 10

ip address 10.10.10.2 255.255.255.240

ip access-group IPSec-Filters-In in

ip access-group IPSec-Filters-Out out

ip helper-address 10.10.100.1

ip helper-address 10.10.100.2

ip helper-address 10.10.100.3

no ip redirects

no ip proxy-arp

duplex auto

speed auto

no mop enabled

crypto map VPN-MAP

!

router ospf 1

log-adjacency-changes

network 10.10.10.0 0.0.0.15 area 0

!

ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 200

!

The router will be getting a default route when its connected via primary link through OSPF.

Thanks

Rajesh

133
Views
0
Helpful
2
Replies
CreatePlease to create content