Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > BGP and crypto map

Reply
Thread Tools

BGP and crypto map

 
 
Dave Enenkel
Guest
Posts: n/a
 
      11-10-2003
Hy everybody,

at the moment i have a strange behaviour with one of my routers. It's
a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
i got at the moment is, that everytime i enable a crypto map on my
serial interface my bgp session to my providers router goes down.
After i debuged a lot of stuff and made some testings i really thing
it's a bug but maybe i missed something. Did someone had similar
problems ??

Thanx in advance for reponds

D@ve
 
Reply With Quote
 
 
 
 
CCIE8122
Guest
Posts: n/a
 
      11-11-2003
> Hy everybody,
>
> at the moment i have a strange behaviour with one of my routers. It's
> a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
> i got at the moment is, that everytime i enable a crypto map on my
> serial interface my bgp session to my providers router goes down.
> After i debuged a lot of stuff and made some testings i really thing
> it's a bug but maybe i missed something. Did someone had similar
> problems ??
>
> Thanx in advance for reponds
>
> D@ve


You gotta post a config, else there is really no way to help you.

kr

 
Reply With Quote
 
 
 
 
Vidyaranya Maddi
Guest
Posts: n/a
 
      11-13-2003
How does your ACL's look ? As CCIE8122 mentioned, configs are required.

Dave Enenkel wrote:

> Hy everybody,
>
> at the moment i have a strange behaviour with one of my routers. It's
> a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
> i got at the moment is, that everytime i enable a crypto map on my
> serial interface my bgp session to my providers router goes down.
> After i debuged a lot of stuff and made some testings i really thing
> it's a bug but maybe i missed something. Did someone had similar
> problems ??
>
> Thanx in advance for reponds
>
> D@ve


 
Reply With Quote
 
Ariel Taranto
Guest
Posts: n/a
 
      11-14-2003
Are you using route-maps to match the nexthop ?


Tijuana, mexico


http://www.velocityreviews.com/forums/(E-Mail Removed) (Dave Enenkel) wrote in message news:<(E-Mail Removed) om>...
> Hy everybody,
>
> at the moment i have a strange behaviour with one of my routers. It's
> a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
> i got at the moment is, that everytime i enable a crypto map on my
> serial interface my bgp session to my providers router goes down.
> After i debuged a lot of stuff and made some testings i really thing
> it's a bug but maybe i missed something. Did someone had similar
> problems ??
>
> Thanx in advance for reponds
>
> D@ve

 
Reply With Quote
 
Dave Enenkel
Guest
Posts: n/a
 
      11-14-2003
I'm using route maps for the BGP config. For VPN i use static routes.
D@ve
(E-Mail Removed) (Ariel Taranto) wrote in message news:<(E-Mail Removed). com>...
> Are you using route-maps to match the nexthop ?
>
>
> Tijuana, mexico
>
>
> (E-Mail Removed) (Dave Enenkel) wrote in message news:<(E-Mail Removed) om>...
> > Hy everybody,
> >
> > at the moment i have a strange behaviour with one of my routers. It's
> > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
> > i got at the moment is, that everytime i enable a crypto map on my
> > serial interface my bgp session to my providers router goes down.
> > After i debuged a lot of stuff and made some testings i really thing
> > it's a bug but maybe i missed something. Did someone had similar
> > problems ??
> >
> > Thanx in advance for reponds
> >
> > D@ve

 
Reply With Quote
 
Dave Enenkel
Guest
Posts: n/a
 
      11-14-2003
Hy,

appended you find an extract of my config.


ip subnet-zero
no ip source-route
!
!
no ip domain lookup
!
no ip cef
!
!!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp key xxxxxxx address xx.xx.xx.xx no-xauth
!
!
crypto ipsec transform-set Test-vpn esp-3des esp-sha-hmac
!
crypto map Test-vpn 10 ipsec-isakmp
set peer xx.xx.xx.xx
set transform-set NS-Strong
match address 175


!
!
interface Serial1/0
bandwidth 1984
ip address xx.xx.xx.xx 255.255.255.252
ip access-group 110 in
no ip route-cache
no ip mroute-cache
load-interval 60
down-when-looped
serial restart_delay 0
no fair-queue
no cdp enable
crypto map Test-vpn
!
router bgp xxxx
no synchronization
bgp router-id xx.xx.xx.xx
bgp log-neighbor-changes
network xx.xx.xx.xx
neighbor <Provider-Router> remote-as xx
neighbor <Provider-Router> send-community
neighbor <Provider-Router> soft-reconfiguration inbound
neighbor <Provider-Router> route-map IN in
neighbor <Provider-Router> route-map OUT out
neighbor <my-other-redundant-router> remote-as xxxx
neighbor <my-other-redundant-router> update-source Loopback0
neighbor <my-other-redundant-router> next-hop-self
neighbor <my-other-redundant-router> send-community
no auto-summary
!
ip classless
ip route VPN-network serial 1/0
no ip http server
no ip http secure-server
!
ip bgp-community new-format
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit ^xxx_
!
ip prefix-list NO-SUBNET seq 5 permit 0.0.0.0/0 ge 25
!
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any source-quench
access-list 110 permit icmp any any time-exceeded
access-list 110 permit icmp any any parameter-problem
access-list 110 permit icmp any any conversion-error
access-list 110 permit icmp any xxxxxxx echo-reply
access-list 110 deny icmp any any
access-list 110 permit ip any any
access-list 110 permit esp any any
access-list 175 permit ip xxxx xxxxxx
no cdp run
!
route-map OUT permit 10
match as-path 1
set as-path prepend xxx xxx xxx
!
route-map OUT deny 20
!
route-map IN deny 5
match ip address prefix-list NO-SUBNET
!
route-map IN permit 10
match as-path 2
set local-preference 90






CCIE8122 <(E-Mail Removed)> wrote in message news:<bopnpa$n77$(E-Mail Removed)>...
> > Hy everybody,
> >
> > at the moment i have a strange behaviour with one of my routers. It's
> > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
> > i got at the moment is, that everytime i enable a crypto map on my
> > serial interface my bgp session to my providers router goes down.
> > After i debuged a lot of stuff and made some testings i really thing
> > it's a bug but maybe i missed something. Did someone had similar
> > problems ??
> >
> > Thanx in advance for reponds
> >
> > D@ve

>
> You gotta post a config, else there is really no way to help you.
>
> kr

 
Reply With Quote
 
Dave Enenkel
Guest
Posts: n/a
 
      11-19-2003
Hy everybody,

Cisco TAC helped us to find the problem. The IOS is a litlle bit
sensitive regarding the vpn config. We had a dynamic crypto map entry
in our config (as a template) with a link to a access list where the
access list itself was not configured.
After setting the access lists the problem vanished.

Thanx for all the reponses

D@ve




(E-Mail Removed) (Dave Enenkel) wrote in message news:<(E-Mail Removed). com>...
> I'm using route maps for the BGP config. For VPN i use static routes.
> D@ve
> (E-Mail Removed) (Ariel Taranto) wrote in message news:<(E-Mail Removed). com>...
> > Are you using route-maps to match the nexthop ?
> >
> >
> > Tijuana, mexico
> >
> >
> > (E-Mail Removed) (Dave Enenkel) wrote in message news:<(E-Mail Removed) om>...
> > > Hy everybody,
> > >
> > > at the moment i have a strange behaviour with one of my routers. It's
> > > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
> > > i got at the moment is, that everytime i enable a crypto map on my
> > > serial interface my bgp session to my providers router goes down.
> > > After i debuged a lot of stuff and made some testings i really thing
> > > it's a bug but maybe i missed something. Did someone had similar
> > > problems ??
> > >
> > > Thanx in advance for reponds
> > >
> > > D@ve

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
To BGP or not to BGP (multihoming with ISPs over uneven links speed)?!? papi Cisco 4 09-08-2009 02:45 AM
static nat and ipsec - outside crypto map check failed xhon Cisco 0 09-20-2006 10:35 AM
Crypto map applied on loopback interface Sebastian Cisco 0 04-15-2005 10:42 PM
Difference between "bgp dampening" and "bgp bestpath dampening" harald rüger Cisco 0 10-25-2004 04:07 PM
Remove crypto map Aaron Cisco 1 06-09-2004 07:30 PM



Advertisments