Issues with IPSEC over DMVPN on 7604 Router

Hello all,

Has anybody implemented DMVPN with IPSEC on a 7604 router successfully? I
recently deployed with a 7604 router as the hub and a mixture of 2800, 1800
and 2600 series routers as spokes. The DMVPN implementation was successful
but when I implemented IPSEC over the implementation, I had the following
error:

ABC_RT(config)#int tunnel 1
ABC_RT(config-if)#tunnel protection ipsec profile scpcprof
ABC_RT(config-if)#
May 26 17:59:46.848 gmt: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
May 26 17:59:46.892 gmt: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an
IPSEC packet.
        (ip) vrf/dest_addr= /172.28.5.138, src_addr= 10.200.102.1, prot= 47
ABC_RT(config-if)#
May 26 17:59:57.152 gmt: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor
10.204.2.1 (Tunnel1) is down: holding time expired

I replaced the 7604 router with a 2800 series router and the whole
implementation was successful with IPSEC over the DMVPN. The IOS image I
have on the 7604 is: c7600rsp72043-advipservicesk9-mz.122-33.SRC3.bin and I
have a mixture of 12.3 and 12.4 images on the spokes. The following is a
show version output on the 7604 router:

ABC_RT#show version
Cisco IOS Software, c7600rsp72043_rp Software
(c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRC3, RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Tue 16-Dec-08 09:49 by prod_rel_team
ROM: System Bootstrap, Version 12.2(33r)SRD2, RELEASE SOFTWARE (fc1)
 7604_Router uptime is 13 hours, 26 minutes
Uptime for this control processor is 13 hours, 27 minutes
System returned to ROM by s/w reset (SP by power-on)
System image file is
"bootdisk:c7600rsp72043-advipservicesk9-mz.122-33.SRC3.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found
at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export_at_cisco.com.
Cisco CISCO7604 (M8500) processor (revision 2.0) with 1835008K/131072K bytes
of memory.
Processor board ID FOX1247H11N
 BASEBOARD: RSP720
 CPU: MPC8548_E, Version: 2.0, (0x80390020)
 CORE: E500, Version: 2.0, (0x80210020)
 CPU:1200MHz, CCB:400MHz, DDR:200MHz,
 L1: D-cache 32 kB enabled
        I-cache 32 kB enabled
Last reset from power-on
1 SSC-400 controller (1 IPSEC).
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
3964K bytes of non-volatile configuration memory.
507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes).
Configuration register is 0x2102
ABC_RT#
Do anybody have an idea about what might be wrong? The 7604 router has a VPN
module which the status is showing on. Do I have to enter any command to
make the VPN module functional?

I will appreciate your contributions.

'Mayokun

Blogs and organic groups at http://www.ccie.net
Received on Wed May 27 2009 - 00:21:11 ART