01-11-2012 01:51 AM
Hi all
I use a C892 router with the IOS c890-universalk9-mz.152-1.T.bin. I just ran the command "debug ip packet 151 detail" and then the router stopped working because it was overloaded. The ACL 151 I used is as follows:
Extended IP access list 151
10 permit ip host 10.1.1.1 host 91.1.1.1
In the syslog I then got hundreds of messages from IPSec:
Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.64.19.99, pak 8A7453CC consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.65.4.211, pak 870D82E4 consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.64.19.99, pak 89476E4C consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.65.4.211, pak 8ADE5DDC consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Does anyone have an explanation for why access list 151 is not doing the job? To me it seems that this ACL is not applied and that I then get a debug for the whole traffic.
Thank you
Markus
01-15-2012 09:56 PM
Hi all
Has anyone had this situation before? Or would it be possible for someone to do a test on the same router to check the result?
Thank you
Markus
01-17-2012 09:41 PM
Hi all
It seems that nobody has the same issue with this series of routers. We reproduced the same issue on another router; most likely it is a bug.
If there is no reply from your side I will open a TAC case for this issue.
Thank you
Markus