About Ab26

Ab26 · 03-20-2025

Hi, I've had 2 routers that are configured with iBGP. Each one of these routers are connected to an external provider with eBGP. I setup a new router with full mesh iBGP and when I connect it to the external provider i get logs saying that R1 and R2 ...

Ab26 · 01-23-2025

I have set up an IPsec VPN tunnel. It worked fine at the beginning but then all of sudden the traffic stopped passing the tunnel, although the tunnel is still up. When I do show crypto ipsec sa peer X.X.X.X detail I can see "pkts no sa (send) 65" -...

Ab26 · 01-23-2025

what are the possible causes for having TOO many IKE SAs? they all are in negotiations and one is connected. The VPN tunnel seems to be working fine.

Ab26 · 12-01-2024

I have customer that has a special system where the end devices don't have MAC addresses nor IP addresses. The system was previously connected via direct cables (fiber and ethernet). The customer has now requested to connect these devices to Cisco L2...

Ab26 · 11-26-2024

I tried to upgrade the IOS of a VPN router to 17.9 and the crypto map (interface IPsec) got removed on Port-Channel interface. crypto map vpn 55 ipsec-isakmp set peer 10.10.10.1 set transform-set IPsec-proposalX set ikev2-profile IKE-ProfileX ...

Ab26 · 03-22-2025

Thanks @Harold Ritter ! After looking deeper I found out the Vlan55 was down in R1 and R2. These 2 routers where there for awhile. I just added R3 recently. Just for the simplicity I only mentioned one VLAN and one VRF however I have many in this set...

Ab26 · 03-22-2025

Thanks for everybody who responded ! I had actually missed update-source command Now my question is that I don't have update-source between R1 and R2 and they still work with no problem. Does anybody know why the problem only occurs with R3? Vl...

Ab26 · 02-14-2025

Problem was from the remote VPN peer router (not accessible by me).Apparently, in some products other than Cisco, Phase-2 is configured separately for each traffic-selector. I.e you could have a correct config in one traffic-selector and wrong in oth...

Ab26 · 02-01-2025

@Rob Ingram @MHM Cisco World I have been testing my the LAB the configuration changes as per the recommendation from Cisco. Unfortunately the reverse route injected for the ACL disappear if the router reloads. Has anyone experienced the same problem...

Ab26 · 01-27-2025

Thanks @ccieexpert ! I'll look at the suggestions you advised. The output of the 2 show commands were the same before and after the debug. "show crypto ikev2 sa detailed" "show crypto session peer <peer>detailed" ------------------------------------...

Member Since	‎05-23-2018 05:11 AM
Date Last Visited	‎04-14-2025 02:08 AM
Posts	83
Total Helpful Votes Received	11

User Statistics

User Activity

iBGP full mesh

IPsec pkts no sa (send)

too many IKE SAs

Can switch pass traffic between devices that don't have MAC addresses

crypto map (interface IPsec) get removed after upgrading the IOS

Re: iBGP full mesh

Re: iBGP full mesh

Re: IPsec pkts no sa (send)

Re: crypto map (interface IPsec) get removed after upgrading the IOS

Re: too many IKE SAs