BGP and crypto map

Discussion in 'Cisco' started by Dave Enenkel, Nov 10, 2003.

  1. Dave Enenkel

    Dave Enenkel Guest

    Hy everybody,

    at the moment i have a strange behaviour with one of my routers. It's
    a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    i got at the moment is, that everytime i enable a crypto map on my
    serial interface my bgp session to my providers router goes down.
    After i debuged a lot of stuff and made some testings i really thing
    it's a bug but maybe i missed something. Did someone had similar
    problems ??

    Thanx in advance for reponds

    D@ve
     
    Dave Enenkel, Nov 10, 2003
    #1
    1. Advertising

  2. Dave Enenkel

    CCIE8122 Guest

    > Hy everybody,
    >
    > at the moment i have a strange behaviour with one of my routers. It's
    > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    > i got at the moment is, that everytime i enable a crypto map on my
    > serial interface my bgp session to my providers router goes down.
    > After i debuged a lot of stuff and made some testings i really thing
    > it's a bug but maybe i missed something. Did someone had similar
    > problems ??
    >
    > Thanx in advance for reponds
    >
    > D@ve


    You gotta post a config, else there is really no way to help you.

    kr
     
    CCIE8122, Nov 11, 2003
    #2
    1. Advertising

  3. How does your ACL's look ? As CCIE8122 mentioned, configs are required.

    Dave Enenkel wrote:

    > Hy everybody,
    >
    > at the moment i have a strange behaviour with one of my routers. It's
    > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    > i got at the moment is, that everytime i enable a crypto map on my
    > serial interface my bgp session to my providers router goes down.
    > After i debuged a lot of stuff and made some testings i really thing
    > it's a bug but maybe i missed something. Did someone had similar
    > problems ??
    >
    > Thanx in advance for reponds
    >
    > D@ve
     
    Vidyaranya Maddi, Nov 13, 2003
    #3
  4. Are you using route-maps to match the nexthop ?


    Tijuana, mexico


    (Dave Enenkel) wrote in message news:<>...
    > Hy everybody,
    >
    > at the moment i have a strange behaviour with one of my routers. It's
    > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    > i got at the moment is, that everytime i enable a crypto map on my
    > serial interface my bgp session to my providers router goes down.
    > After i debuged a lot of stuff and made some testings i really thing
    > it's a bug but maybe i missed something. Did someone had similar
    > problems ??
    >
    > Thanx in advance for reponds
    >
    > D@ve
     
    Ariel Taranto, Nov 14, 2003
    #4
  5. Dave Enenkel

    Dave Enenkel Guest

    I'm using route maps for the BGP config. For VPN i use static routes.
    D@ve
    (Ariel Taranto) wrote in message news:<>...
    > Are you using route-maps to match the nexthop ?
    >
    >
    > Tijuana, mexico
    >
    >
    > (Dave Enenkel) wrote in message news:<>...
    > > Hy everybody,
    > >
    > > at the moment i have a strange behaviour with one of my routers. It's
    > > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    > > i got at the moment is, that everytime i enable a crypto map on my
    > > serial interface my bgp session to my providers router goes down.
    > > After i debuged a lot of stuff and made some testings i really thing
    > > it's a bug but maybe i missed something. Did someone had similar
    > > problems ??
    > >
    > > Thanx in advance for reponds
    > >
    > > D@ve
     
    Dave Enenkel, Nov 14, 2003
    #5
  6. Dave Enenkel

    Dave Enenkel Guest

    Hy,

    appended you find an extract of my config.


    ip subnet-zero
    no ip source-route
    !
    !
    no ip domain lookup
    !
    no ip cef
    !
    !!
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    lifetime 28800
    !
    crypto isakmp key xxxxxxx address xx.xx.xx.xx no-xauth
    !
    !
    crypto ipsec transform-set Test-vpn esp-3des esp-sha-hmac
    !
    crypto map Test-vpn 10 ipsec-isakmp
    set peer xx.xx.xx.xx
    set transform-set NS-Strong
    match address 175


    !
    !
    interface Serial1/0
    bandwidth 1984
    ip address xx.xx.xx.xx 255.255.255.252
    ip access-group 110 in
    no ip route-cache
    no ip mroute-cache
    load-interval 60
    down-when-looped
    serial restart_delay 0
    no fair-queue
    no cdp enable
    crypto map Test-vpn
    !
    router bgp xxxx
    no synchronization
    bgp router-id xx.xx.xx.xx
    bgp log-neighbor-changes
    network xx.xx.xx.xx
    neighbor <Provider-Router> remote-as xx
    neighbor <Provider-Router> send-community
    neighbor <Provider-Router> soft-reconfiguration inbound
    neighbor <Provider-Router> route-map IN in
    neighbor <Provider-Router> route-map OUT out
    neighbor <my-other-redundant-router> remote-as xxxx
    neighbor <my-other-redundant-router> update-source Loopback0
    neighbor <my-other-redundant-router> next-hop-self
    neighbor <my-other-redundant-router> send-community
    no auto-summary
    !
    ip classless
    ip route VPN-network serial 1/0
    no ip http server
    no ip http secure-server
    !
    ip bgp-community new-format
    ip as-path access-list 1 permit ^$
    ip as-path access-list 2 permit ^xxx_
    !
    ip prefix-list NO-SUBNET seq 5 permit 0.0.0.0/0 ge 25
    !
    access-list 110 permit icmp any any unreachable
    access-list 110 permit icmp any any source-quench
    access-list 110 permit icmp any any time-exceeded
    access-list 110 permit icmp any any parameter-problem
    access-list 110 permit icmp any any conversion-error
    access-list 110 permit icmp any xxxxxxx echo-reply
    access-list 110 deny icmp any any
    access-list 110 permit ip any any
    access-list 110 permit esp any any
    access-list 175 permit ip xxxx xxxxxx
    no cdp run
    !
    route-map OUT permit 10
    match as-path 1
    set as-path prepend xxx xxx xxx
    !
    route-map OUT deny 20
    !
    route-map IN deny 5
    match ip address prefix-list NO-SUBNET
    !
    route-map IN permit 10
    match as-path 2
    set local-preference 90






    CCIE8122 <> wrote in message news:<bopnpa$n77$>...
    > > Hy everybody,
    > >
    > > at the moment i have a strange behaviour with one of my routers. It's
    > > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    > > i got at the moment is, that everytime i enable a crypto map on my
    > > serial interface my bgp session to my providers router goes down.
    > > After i debuged a lot of stuff and made some testings i really thing
    > > it's a bug but maybe i missed something. Did someone had similar
    > > problems ??
    > >
    > > Thanx in advance for reponds
    > >
    > > D@ve

    >
    > You gotta post a config, else there is really no way to help you.
    >
    > kr
     
    Dave Enenkel, Nov 14, 2003
    #6
  7. Dave Enenkel

    Dave Enenkel Guest

    Hy everybody,

    Cisco TAC helped us to find the problem. The IOS is a litlle bit
    sensitive regarding the vpn config. We had a dynamic crypto map entry
    in our config (as a template) with a link to a access list where the
    access list itself was not configured.
    After setting the access lists the problem vanished.

    Thanx for all the reponses

    D@ve




    (Dave Enenkel) wrote in message news:<>...
    > I'm using route maps for the BGP config. For VPN i use static routes.
    > D@ve
    > (Ariel Taranto) wrote in message news:<>...
    > > Are you using route-maps to match the nexthop ?
    > >
    > >
    > > Tijuana, mexico
    > >
    > >
    > > (Dave Enenkel) wrote in message news:<>...
    > > > Hy everybody,
    > > >
    > > > at the moment i have a strange behaviour with one of my routers. It's
    > > > a 7120 (12.2.15 T7)where i'm running bgp and vpn stuff on. The problem
    > > > i got at the moment is, that everytime i enable a crypto map on my
    > > > serial interface my bgp session to my providers router goes down.
    > > > After i debuged a lot of stuff and made some testings i really thing
    > > > it's a bug but maybe i missed something. Did someone had similar
    > > > problems ??
    > > >
    > > > Thanx in advance for reponds
    > > >
    > > > D@ve
     
    Dave Enenkel, Nov 19, 2003
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron

    Remove crypto map

    Aaron, Jun 9, 2004, in forum: Cisco
    Replies:
    1
    Views:
    5,666
    JustMe
    Jun 9, 2004
  2. Sebastian
    Replies:
    0
    Views:
    5,544
    Sebastian
    Apr 15, 2005
  3. Replies:
    0
    Views:
    2,546
  4. Replies:
    3
    Views:
    2,722
  5. xhon
    Replies:
    0
    Views:
    797
Loading...

Share This Page