RE: BVI and IPSEC bug

From: Frank Jimenez (franjime@xxxxxxxxx)
Date: Wed Jan 03 2001 - 00:28:21 GMT-3

• Next message: Michael King: "ISDN and CHAP"
• Previous message: ChrisH: "RE: ccbootcamp Lab 7"
• Maybe in reply to: Sam Munzani: "BVI and IPSEC bug"
• Next in thread: Sam Munzani: "Re: BVI and IPSEC bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
You might want to review the IOS versions as well. Had similar situations with
 earlier versions of 12.0 that were cleared up after 12.0.7 or so.....

Frank Jimenez, CCIE #5738
franjime@cisco.com

At 08:15 PM 01/02/2001 -0500, you wrote:
>You might want to take a look at ICMP Redirects and fast switching. Both of
>these can cause problems where the first packet will get through and the
>remaining packets being dropped.
>
>TTFN
>DaveO
>CCIE #5066
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Sam Munzani
>Sent: Tuesday, January 02, 2001 2:25 PM
>To: Justin Menga; ccielab@groupstudy.com
>Subject: Re: BVI and IPSEC bug
>
>
>Interesting suggestion Justin. I think that would be it. Will let you know
>my findings soon to you.
>
>Sam
>
>
>> Maybe it's not working because of Spanning Tree. If you make the VPN
>router
>> the root bridge it may then work as both ethernet ports would be
>designated
>> and forwarding.
>>
>> Regards,
>>
>> Justin Menga CCIE #6640 MCSE+I CCSE
>> WAN Specialist
>> Computerland New Zealand
>> PO Box 3631, Auckland
>> DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
>> mailto: justin.menga@computerland.co.nz
>>
>>
>> -----Original Message-----
>> From: Sam Munzani [mailto:sam@munzani.com]
>> Sent: Wednesday, 3 January 2001 7:49 a.m.
>> To: ccielab@groupstudy.com
>> Subject: BVI and IPSEC bug
>>
>>
>> Hi Group,
>>
>> I just came across a bug that is worth sharing with you fine people out =
>> there.
>>
>> If you apply crypto map to a BVI interface, your IPSEC VPN doesn't work. =
>> The first packet will go through and then it will die.
>>
>> You would love to use BVI in redundant ISP Router environment like =
>> below.
>>
>> ISP Router-1 ISP Router-2
>> | |
>> S/W ------------ S/W
>> | /
>> | /
>> | /
>> | /
>> VPN Router
>> |
>>
>> E0 and E1 of VPN router is connected to those 2 switches and creates a =
>> BVI. E2 connects to inside of the network.=20
>>
>> This will not work.
>>
>> Regards,
>>
>> Sam
>>

• Next message: Michael King: "ISDN and CHAP"
• Previous message: ChrisH: "RE: ccbootcamp Lab 7"
• Maybe in reply to: Sam Munzani: "BVI and IPSEC bug"
• Next in thread: Sam Munzani: "Re: BVI and IPSEC bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:21 GMT-3