VPN - Routing between spokes!

Discussion in 'Cisco' started by Lars Molstad, Jan 26, 2004.

  1. Lars Molstad


    I have a VPN-Hub-router (3640 running IOS 12.3.5a) with about 200 spokes
    (using PIX 501 as spokes).

    I have been using a route-map associated with a Loopback interface for
    routing and access-control between the spokes, but route-maps are very
    CPU-intensive, and I want to get rid of the route-map configuration.

    I configured this in a lab with a 1712 and two PIX501's. The 1712 ran IOS
    12.2. This worked fine with the access-control applied to the same interface
    as the crypto-map. Then I configured the same on the production router, and
    no spokes could communicate with each other... I had to reapply the
    route-map to get the spokes up and running again.

    Anyone got a clue? Haven't had time to test with another 3640, or another
    software on the 1712 yet.... Need more RAM and FLASH in my lab to do

    Lars Molstad, Jan 26, 2004
  2. Is the hub router running NAT? The route map is a trick usually used to
    allow NAT and VPN in the same box.
    Phillip Remaker, Jan 26, 2004
  3. Lars Molstad


    Ahhh.. Problem solved!
    This might be a bug in IOS 12.2T and 12.3.
    I loaded 12.2.21b and got it working without policy-based routing!

    Lars Molstad, Jan 29, 2004
