Dynamic VPN on Cisco 7609

nedian123 · ‎05-01-2008

Dear all,

I am trying to implement Dynamic VPN on a Cisco 7609 (IOS 12.2<18>SXF13) & when I connect to this router through a Cisco VPN Client, an IPSEC tunnel is established.

When I issue "sh crypto ipsec sa" encrypted & decrypted packets are not equal & Split tunneling is also not working properly. Is anyone facing similar issue on this platform as same testing is working fine on low end series routers.

Any help in this regard would be appreciable.

**************************************

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group TEST

key test123

pool LOCAL

acl SPLIT

crypto isakmp profile TESTPROFILE

match identity group TEST

client authentication list USERAUTH

isakmp authorization list USERAUTH

client configuration address respond

!

crypto ipsec transform-set CISCO esp-3des esp-sha-hmac

!

crypto dynamic-map DYNAMIC 10

set transform-set CISCO

set isakmp-profile TESTPROFILE

reverse-route

!

crypto map TESTVPN 10 ipsec-isakmp dynamic DYNAMIC

ip local pool LOCAL 172.16.1.1 172.16.1.254

ip access-list extended SPLIT

permit ip 172.16.0.0 0.0.255.255 any

permit ip 192.168.0.0 0.0.255.255 any

**************************************

Regards,

Akhtar

mchin345 · ‎05-07-2008

Both encrypted ( to be decrypted ) and unencrypted( to be encrypted ) packets will be sent to the VPN module . and the sum of these two is equal to the packets out figure

nedian123 · ‎05-07-2008

I somehow got the clue.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/hybrid/release/notes/ol_4563.html#wp220918

Regards,

Akhtar