Re: Wierd VPN Issue from groupstudy on 2009-09-09 (Ccielab archives 09/2009)

From: groupstudy <groupstudy_at_gmail.com>
Date: Wed, 9 Sep 2009 21:40:03 -0400

I chalked this one up to a bug... It's gotta be.

On Fri, Sep 4, 2009 at 3:52 PM, quiet blue <quietb_at_gmail.com> wrote:

> It doesn't look like you guys got to the bottom of this one. The acl 199
> configured that way shouldn't make any difference.
> Please post the complete configs if you are interested in more discussion.
>
>
>
> On Mon, Aug 31, 2009 at 6:04 PM, Omkar Tambalkar <
> omkar.groupstudy_at_gmail.com> wrote:
>
>> Probably related to anti-spoofing, you defined f0/0 as the nat outside
>> interface and applied crypto map there and then the VPN traffic from
>> remote
>> end enters the interface it thinks it is spoofed.
>>
>> On Mon, Aug 31, 2009 at 1:04 PM, groupstudy <groupstudy_at_gmail.com> wrote:
>>
>> > I figured this out. Just for fun, I configured the following on R1:
>> >
>> > access-list 199 permit ip any any
>> > int f0/0
>> > ip access-group 199 in
>> >
>> > As soon as I put that in, it began to work.
>> >
>> > This has to be a bug...
>> >
>> > Thanks for your input fellas.
>> >
>> >
>> >
>> > On Mon, Aug 31, 2009 at 3:11 PM, Rich Collins <nilsi2002_at_gmail.com>
>> wrote:
>> >
>> > > My favorite show commands for VPN connections are:
>> > >
>> > > Router#sh crypto ipsec sa
>> > >
>> > >
>> > > Router#sh crypto isakmp sa
>> > >
>> > >
>> > > You can check security associations and byte counts.
>> > >
>> > > -Rich
>> > >
>> > > On Mon, Aug 31, 2009 at 2:54 PM, groupstudy<groupstudy_at_gmail.com>
>> wrote:
>> > > > I actually just changed the ACLs to permit ip any any and i get the
>> > same
>> > > > results...
>> > > >
>> > > > I even reloaded the routers to make sure everything had a chance to
>> > start
>> > > > fresh.
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Sep 09 2009 - 21:40:03 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART