From: Dave Oakman (doakman@xxxxxxxx)
Date: Tue Jan 02 2001 - 22:15:44 GMT-3
You might want to take a look at ICMP Redirects and fast switching. Both of
these can cause problems where the first packet will get through and the
remaining packets being dropped.
TTFN
DaveO
CCIE #5066
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Sam Munzani
Sent: Tuesday, January 02, 2001 2:25 PM
To: Justin Menga; ccielab@groupstudy.com
Subject: Re: BVI and IPSEC bug
Interesting suggestion Justin. I think that would be it. Will let you know
my findings soon to you.
Sam
> Maybe it's not working because of Spanning Tree. If you make the VPN
router
> the root bridge it may then work as both ethernet ports would be
designated
> and forwarding.
>
> Regards,
>
> Justin Menga CCIE #6640 MCSE+I CCSE
> WAN Specialist
> Computerland New Zealand
> PO Box 3631, Auckland
> DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
> mailto: justin.menga@computerland.co.nz
>
>
> -----Original Message-----
> From: Sam Munzani [mailto:sam@munzani.com]
> Sent: Wednesday, 3 January 2001 7:49 a.m.
> To: ccielab@groupstudy.com
> Subject: BVI and IPSEC bug
>
>
> Hi Group,
>
> I just came across a bug that is worth sharing with you fine people out =
> there.
>
> If you apply crypto map to a BVI interface, your IPSEC VPN doesn't work. =
> The first packet will go through and then it will die.
>
> You would love to use BVI in redundant ISP Router environment like =
> below.
>
> ISP Router-1 ISP Router-2
> | |
> S/W ------------ S/W
> | /
> | /
> | /
> | /
> VPN Router
> |
>
> E0 and E1 of VPN router is connected to those 2 switches and creates a =
> BVI. E2 connects to inside of the network.=20
>
> This will not work.
>
> Regards,
>
> Sam
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:21 GMT-3