Hi Community,   I was wondering if the additional SD-Card on a Catalyst 4500X has a filesystem that is read/writable with a Windows machine, that would greatly improve the upgrade process as one could just drag and drop the new images to the SD-Card and insert it into the Catalyst 4500X.   Greetings, Thomas   ... View more

Hi, I have a Dual Stacked DMVPN Hub site, VPN for ether IPv4 oder IPv6 is working properly, but not both at the same time. If the IPv4 Peers connect first, then the IPv6 Peers are unable to form an IPsec security association and the other way around. Crypto ISAKMP Phase1 is build correctly. A "show crypto ipsec sa" on the Hub shows only sa's for the kind of Peers that connected first. A "show crypto ipsec sa" on the Spoke that is unable to form an security association with the Hub shows an security association, but with no proposals and raising send error counters: Spoke (IPv4) SA interface: Tunnel1     Crypto map tag: My-Profile-v4-head-1, local addr 2.2.2.1    protected vrf: (none)    local  ident (addr/mask/prot/port): (2.2.2.1/255.255.255.255/47/0)    remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)    current_peer 1.1.1.1 port 500      PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}     #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0     #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0     #pkts compressed: 0, #pkts decompressed: 0     #pkts not compressed: 0, #pkts compr. failed: 0     #pkts not decompressed: 0, #pkts decompress failed: 0     #send errors 23255, #recv errors 0      local crypto endpt.: 2.2.2.1, remote crypto endpt.: 1.1.1.1      plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb (none)      current outbound spi: 0x0(0)      PFS (Y/N): N, DH group: none      inbound esp sas:      inbound ah sas:      inbound pcp sas:      outbound esp sas:      outbound ah sas:      outbound pcp sas:    protected vrf: (none) I'm running IOS Version 15.3(2)T, is there some kind of known bug and/or a workaround for this? Interface Configuration interface GigabitEthernet0 description ** Outside ** ip address 1.1.1.1 255.255.255.0 duplex auto speed auto ipv6 address 2001:1:1:1::1/64 Crypto Configuration crypto isakmp policy 10 encr aes 256 authentication pre-share group 14 crypto isakmp key cisco address 0.0.0.0 no-xauth crypto isakmp key cisco address ipv6 ::/0 no-xauth crypto isakmp keepalive 10 periodic crypto ipsec transform-set My-Set esp-aes 256 esp-sha512-hmac mode tunnel crypto ipsec profile My-Profile-v4 description ** IPsec Profile fuer IPv4 Peers ** set transform-set My-Set set pfs group2 crypto ipsec profile My-Profile-v6 description ** IPsec Profile fuer IPv6 Peers ** set transform-set My-Set set pfs group2 Tunnel Configuration interface Tunnel1 description ** DMVPN Intranet IPv4 ** bandwidth 1000 ip vrf forwarding VPN ip address 10.0.10.1 255.255.255.0 no ip redirects ip mtu 1416 no ip next-hop-self eigrp 65351 no ip split-horizon eigrp 65351 ip pim sparse-mode ip nhrp map multicast dynamic ip nhrp network-id 1 ip nhrp holdtime 360 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1360 load-interval 30 shutdown keepalive 10 3 tunnel source GigabitEthernet0 tunnel mode gre multipoint tunnel key 1 tunnel protection ipsec profile My-Profile-v4 shared ! interface Tunnel2 description ** DMVPN Intranet IPv6 ** bandwidth 1000 ip vrf forwarding VPN ip address 10.0.12.1 255.255.255.0 ip mtu 1416 no ip next-hop-self eigrp 65351 no ip split-horizon eigrp 65351 ip pim sparse-mode ip nhrp map multicast dynamic ip nhrp network-id 2 ip nhrp holdtime 360 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1360 load-interval 30 keepalive 10 3 tunnel source GigabitEthernet0 tunnel mode gre multipoint ipv6 tunnel key 2 tunnel protection ipsec profile My-Profile-v6 shared Regards, Thomas ... View more