IPSEC with Gre tunnels

CSCO10456946 · ‎12-10-2003

Hi,

I need to make an IPSec Nedwork with two HeadQuartes.

On HeadQuartes I put Cisco 3725 with IOS c3725-ik9o3s-mz.122-15.T7.bin.

On client side I have c1700.

I try to configure an IPSec solution with GRE tunnels and Eigrp routing.

After configuration I have established tunnels, and a good routing table in

every site.

I have connectivity from each site to other.

My problem is that from HeadQuartes Lan I don't have connectivity to

remotes sites even from ethernet-lan router C3725 I have connectivity to

each site (in routing table I have al remote sites and I check conectivity

to remote sites ethernet-lan with ping - looks like C3725 don't forwards

pakets).

Any ideea?

Thanks in advance,

Valeriu Filipescu

hbaerten · ‎12-11-2003

Hi Valeru,

can you post a "show run" and "show ip route" from the central router as well as from the remote router?

Also, can you please refine what works and what doesn't?

regards

Herbert

CSCO10456946 · ‎12-11-2003

I am sorry but no I need to reestablish an older solution wich works before.

My problem is that packets who arrived from ethernet (Lan) wasn't forwarded to tunnel interface, this in condition wich extended ping from ethernet router works to ethernet remote router.

I found CSCds02496 bug who describe this problem but for c800 not c3725(The c805 completes the IKE and IPSec negotiation Phase I and Phase II but NOT FORWAR outbound packets to the tunnel. Disabling fast switching by entering the command 'no ip route-cache' allows the c805 to forward packets to the tunnel. The router does not route between the ethernet and the serial ports when IPSec and fast switching are both enabled)