Traffic not always being sent down VPN tunnel

Discussion in 'Cisco' started by gtg, Oct 24, 2006.

    I've set up a VPN tunnel between a 2811 & an 800 series, both running IOS 12.4.10

    Traffic between the devices is fine. (e.g. from ethernet interface to ethernet interface)

    However, whenever a device behind the 800 sends traffic to devices on the ethernet subnet of the 2811, instead of the 2811 sending replies back down the VPN tunnel, some replies get sent back out the VPN interface un-encrypted.

    2811 config summary:

    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    lifetime 3600
    crypto isakmp key SECRET address 192.168.246.244
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto map CRYPT-MAP 134 ipsec-isakmp
    description Tunnel
    set peer 192.168.246.244
    set security-association lifetime seconds 1200
    set transform-set ESP-3DES-SHA
    set pfs group2
    match address 134
    !
    interface FastEthernet0/0
    ip address 192.168.43.234 255.255.255.0
    !
    interface FastEthernet0/1
    crypto map CRYPT-MAP
    access-list 134 permit ip any 192.168.134.0 0.0.0.255

    e.g. if I ping from the 800 to 192.168.43.234, everything works fine.

    If I ping from the 800 to 192.168.43.254, I see that some of the ICMP packets get encrypted, whilst others don't, and I see ARP packets for the IP address of the ping source sent out unencrypted on the wire.

    What do I need to do to fix this?

    Thanks,

    GTG

    (Yes, I know the "any" in the access-list is wrong for live, I'm testing!)
     
    gtg, Oct 24, 2006
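
An added example (not part of the original post, and not Cisco code): a small Python model of how the crypto ACL in the config summary, access-list 134, selects outbound packets for the tunnel, useful for checking which flows would leave FastEthernet0/1 unprotected. The sample packets are constructed, and 192.168.134.10 is a hypothetical host on the subnet named in the ACL.

```python
import ipaddress

# From the post: access-list 134 permit ip any 192.168.134.0 0.0.0.255
ACL_134 = [("permit", "ip", "any", ("192.168.134.0", "0.0.0.255"))]


def _match(addr, spec):
    """IOS wildcard match: bits set in the wildcard mask are 'don't care'."""
    if spec == "any":
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def selected_for_tunnel(acl, pkt):
    """True if the crypto ACL selects this outbound packet for IPsec."""
    if pkt["ethertype"] != "ip":
        return False  # ARP is not IP, so a 'permit ip' entry never matches it
    for action, proto, src, dst in acl:
        if (proto in ("ip", pkt["proto"])
                and _match(pkt["src"], src) and _match(pkt["dst"], dst)):
            return action == "permit"
    return False  # implicit deny: packet is forwarded without encryption


# Constructed sample packets (not captured traffic).
SAMPLES = [
    # Echo reply to a hypothetical host on 192.168.134.0/24
    {"ethertype": "ip", "proto": "icmp",
     "src": "192.168.43.254", "dst": "192.168.134.10"},
    # Echo reply addressed to the peer address from the config
    {"ethertype": "ip", "proto": "icmp",
     "src": "192.168.43.254", "dst": "192.168.246.244"},
    # ARP request on the wire
    {"ethertype": "arp"},
]


def classify(acl=ACL_134, packets=SAMPLES):
    """Return one bool per packet: True means 'sent through the tunnel'."""
    return [selected_for_tunnel(acl, p) for p in packets]


if __name__ == "__main__":
    for pkt, protected in zip(SAMPLES, classify()):
        print("ENCRYPT" if protected else "CLEAR  ", pkt)
```

Only a destination inside 192.168.134.0/24 is selected; any other destination, and any non-IP frame such as ARP, falls through to the implicit deny and is sent in the clear.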