Re: BVI and IPSEC bug

From: Wu Jiang (wujiang@xxxxxxxxx)
Date: Tue Jan 09 2001 - 02:11:35 GMT-3

• Next message: Chuck Church: "RE: Next Step?"
• Previous message: Atif Awan: "Re: Match internal 1 external 2"
• Maybe in reply to: Sam Munzani: "BVI and IPSEC bug"
• Next in thread: Sam Munzani: "Re: BVI and IPSEC bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Sam,
Just configured IPSec over BVI. It worked fine.
Are your two ISP routers' interfaces in the same subnet? It seems that the two
switches are connected by a link. Did spanning tree block one of your interface
? I am not sure if you need to place cryto map on the physical interfaces too.
With only one bridged interface in my testing, it seems to have no difference.

Wu

----- Original Message -----
From: "Sam Munzani" <sam@munzani.com>
To: <erickbe@yahoo.com>; <ccielab@groupstudy.com>
Sent: Tuesday, January 09, 2001 4:27 AM
Subject: Re: BVI and IPSEC bug

> I already verified that. That's not the problem.
>
> Sam
>
>
> > Have you tried 'no ip route cache' on the BVI
> > interface. I ran into a similar problem where
> > fast-switching on the BVI was broke in 12.1(4) and
> > recent T releases. The first packet went through then
> > everything after which was cached didn't go. Cisco TAC
> > coudln't dupe the problem and was puzzled.
> >
> > Anyone know a source for cheap flash for a 800 router?
> > I need to upgrade my home router so I can practice
> > IPSec. MemoryX wants $200'ish for a 8 meg Kingston
> > flash.
> >
> > --- Sam Munzani <sam@munzani.com> wrote:
> > > Hi Group,
> > >
> > > I just came across a bug that is worth sharing with
> > > you fine people out =
> > > there.
> > >
> > > If you apply crypto map to a BVI interface, your
> > > IPSEC VPN doesn't work. =
> > > The first packet will go through and then it will
> > > die.
> > >
> > > You would love to use BVI in redundant ISP Router
> > > environment like =
> > > below.
> > >
> > > ISP Router-1 ISP Router-2
> > > | |
> > > S/W ------------ S/W
> > > | /
> > > | /
> > > | /
> > > | /
> > > VPN Router
> > > |
> > >
> > > E0 and E1 of VPN router is connected to those 2
> > > switches and creates a =
> > > BVI. E2 connects to inside of the network.=20
> > >
> > > This will not work.
> > >
> > > Regards,
> > >
> > > Sam
> > >
> > >

• Next message: Chuck Church: "RE: Next Step?"
• Previous message: Atif Awan: "Re: Match internal 1 external 2"
• Maybe in reply to: Sam Munzani: "BVI and IPSEC bug"
• Next in thread: Sam Munzani: "Re: BVI and IPSEC bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:25 GMT-3