Traffic not always being sent down VPN tunnel

Discussion in 'Cisco' started by gtg, Oct 24, 2006.

  1. gtg


    Oct 24, 2006
    I've set up a VPN tunnel between a 2811 and an 800 series, both running IOS 12.4.10.

    Traffic between the devices is fine (e.g. from ethernet interface to ethernet interface).

    However, whenever a device behind the 800 sends traffic to devices on the ethernet subnet of the 2811, instead of the 2811 sending replies back down the VPN tunnel, some replies get sent back out the VPN interface unencrypted.

    2811 config summary:

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
     lifetime 3600
    crypto isakmp key SECRET address
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map CRYPT-MAP 134 ipsec-isakmp
     description Tunnel
     set peer
     set security-association lifetime seconds 1200
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address 134
    interface FastEthernet0/0
     ip address
    interface FastEthernet0/1
     crypto map CRYPT-MAP
    access-list 134 permit ip any

    e.g. if I ping from the 800 to, everything works fine.

    If I ping from the 800 to, I see that some of the ICMP packets get encrypted, whilst others don't, and I see ARP packets for the IP address of the ping source sent out unencrypted on the wire.

    What do I need to do to fix this?



    (Yes, I know the "any" in the access-list is wrong for live, I'm testing!)
    gtg, Oct 24, 2006