Introduction:
This document describes an error encountered by a user.
What is IPsec?
IPsec (Internet Protocol Security) can be defined as a framework with a set of protocols for security at the network layer for data communication.
IPsec provides two types of security service:
- Authentication Header (AH): ensures the authentication of the sender of the data.
- Encapsulating Security Payload (ESP): ensures both the authentication and the encryption of the data.
Information related to each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol.
Core issue
IPsec tunnels do not come up if the hardware accelerator card fails to perform encryption.
Resolution
This issue is documented in Cisco Bug ID CSCsc44772.
To isolate the issue, disable the hardware accelerator card by issuing this command in global configuration mode:
no crypto engine accelerator
This command switches the router from hardware encryption to software encryption. After that, try connecting the VPN client or initiating a LAN-to-LAN tunnel.
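The isolation steps above as a console session, added here as an example and not taken from the Cisco document. The hostname Router and the choice of show commands for verification are assumptions; no output is shown because it varies by platform and release.

```ios
! Added example: isolate a failing hardware crypto accelerator.
! "Router" is a placeholder hostname.

! 1. Record which crypto engine is active before the change.
Router# show crypto engine brief

! 2. Disable the hardware accelerator (command from this document).
!    Type "?" after "accelerator" to see whether this platform
!    expects a slot number.
Router# configure terminal
Router(config)# no crypto engine accelerator
Router(config)# end

! 3. Confirm that the software crypto engine is now the active one.
Router# show crypto engine brief

! 4. Retry the VPN client connection, or send traffic that matches
!    the LAN-to-LAN crypto map, then check that the IKE and IPsec
!    SAs exist and that the encrypt/decrypt counters increase.
Router# show crypto isakmp sa
Router# show crypto ipsec sa
```

Software encryption runs on the router's main CPU, so treat this as a diagnostic step. After upgrading to a fixed release, `crypto engine accelerator` in global configuration mode turns the card back on.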
This issue is fixed in Cisco IOS versions 12.4(5a), 12.4(5.13) and 12.4(5.13)T.
To download the latest software, refer to Software Product and Downloads.
Product Family
Routers
Cisco IOS Software Version
12.3
12.0
12.1
12.2