Traffic not always being sent down VPN tunnel

Discussion in 'Cisco' started by gtg, Oct 24, 2006.

    I've set up a VPN tunnel between a 2811 & an 800 series, both running IOS 12.4.10.

    Traffic between the devices is fine (e.g. from Ethernet interface to Ethernet interface).

    However, whenever a device behind the 800 sends traffic to devices on the Ethernet subnet of the 2811, instead of the 2811 sending replies back down the VPN tunnel, some replies get sent back out the VPN interface unencrypted.

    2811 config summary:

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
     lifetime 3600
    crypto isakmp key SECRET address 192.168.246.244
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto map CRYPT-MAP 134 ipsec-isakmp
     description Tunnel
     set peer 192.168.246.244
     set security-association lifetime seconds 1200
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address 134
    !
    interface FastEthernet0/0
     ip address 192.168.43.234 255.255.255.0
    !
    interface FastEthernet0/1
     crypto map CRYPT-MAP
    access-list 134 permit ip any 192.168.134.0 0.0.0.255

    e.g. if I ping from the 800 to 192.168.43.234, everything works fine.

    If I ping from the 800 to 192.168.43.254, I see that some of the ICMP packets get encrypted, whilst others don't, and I see ARP packets for the IP address of the ping source sent out unencrypted on the wire.

    What do I need to do to fix this?

    Thanks,

    GTG

    (Yes, I know the "any" in the access-list is wrong for live, I'm testing!)
     
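Added example, not part of the original post and not Cisco code: a small Python model of how the crypto ACL quoted above (access-list 134, referenced by "match address 134") selects outbound packets for IPsec using wildcard-mask matching. It models only the ACL decision, not routing or ARP; the host 192.168.134.10 behind the 800 and the source 10.9.9.9 are assumed sample addresses, and the function names are illustrative.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'.
    Returns ((address, wildcard) as ints, remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' (IP-only entries)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("only 'access-list N permit|deny ip ...' handled")
    src, rest = parse_addr(tok[4:])
    dst, rest = parse_addr(rest)
    return {"permit": tok[2] == "permit", "src": src, "dst": dst}

def wild_match(ip, spec):
    """True if ip equals the ACE address on every bit the wildcard cares about."""
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard bit 1 means "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def selected_for_ipsec(aces, src, dst):
    """First matching entry wins. No match is the implicit deny, which for
    a crypto ACL means the packet leaves the interface without IPsec."""
    for ace in aces:
        if wild_match(src, ace["src"]) and wild_match(dst, ace["dst"]):
            return ace["permit"]
    return False

# The ACL line exactly as posted in the 2811 config summary.
ACL_134 = [parse_ace("access-list 134 permit ip any 192.168.134.0 0.0.0.255")]

# Constructed flows leaving the 2811 on the crypto-map interface.
FLOWS = [
    ("192.168.43.254", "192.168.134.10"),   # reply to assumed host behind the 800
    ("192.168.43.234", "192.168.246.244"),  # packet to the peer address itself
    ("10.9.9.9", "192.168.134.10"),         # unrelated source, caught by "any"
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        verdict = "encrypt" if selected_for_ipsec(ACL_134, src, dst) else "clear"
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

The third flow shows why the "any" source is too broad outside a test: every packet destined for 192.168.134.0/24 is selected, whatever its source.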