cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
411
Views
0
Helpful
1
Replies
richard.dean
Beginner

Adding Reverse Route causes 50% loss

I am building some IPSEC tunnels where thje remote locations have Dynamic IP addresses. It works fine, but I need to add more sites, right now I just have the one. When I add the reverse route statement, i start getting 50% packet loss based on ping responses "!.!.!.!.!.!.!.!" If I remove the RR it works fine. "!!!!!!!!!!"  Question is, what am I doing wrong or do I really need the reverse route? Right now the ACL is for the one subnet for current location, but I will be adding more sites. How would I adjust the ACL for more remote subnets if the remote sites are doing split tunneling and the ACLs must match?

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

lifetime 7200

!

crypto isakmp key (PASSWORD) address 0.0.0.0 0.0.0.0

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 30 20 periodic

!

crypto ipsec security-association lifetime seconds 1800

!

crypto ipsec transform-set NAMECRYPTset esp-3des esp-md5-hmac

!

crypto dynamic-map NAMECRYPTmap 10

set transform-set NAMECRYPTset

match address 115

1 REPLY 1
richard.dean
Beginner

I removed the reverse route, and also removed  "

match address 115" as neither is needed in this scenario

I think this will be what I am needing, but still curious as to why the RR appears to drop packets> I don;t need it now because I will not be advertising those routes, but still wondering.

Create
Recognize Your Peers
Content for Community-Ad