Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
5
Helpful
3
Replies

EZVPN using RRI and NEM with fa0/0 and Loopback0

rmetro
Level 1
Level 1

‎03-30-2011 04:59 AM

Our company has a handful of sites that use the EasyVPN technology.

On my remote router (Cisco1841) - I add the crypto inside to the FA0/0 and the Loopback0 interface.

On the other end my Cisco ASA 5580 - 8.41 code - I have RRI enabled and the tunnel comes up fine.

However I only see the static route from the fa0/0 interface on the remote router.  I can not figure why I can not see the Loopback0 address?

Wondering if this is a limitation or feature not enabled.

I added multiple interfaces on the Cisco 1800 and can see the networks.

I run "show crypto ipsec sa" on the Cisco ASA and see the spi encaps/decaps for the loopback, but the SH ROUTE does not show the static route being injected.

Any ideas would be grateful.

Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎04-09-2011 01:49 AM

Hi,

If you have a specific proxy ID for loopback and don't see it inserted, well I guess you'd better open a TAC case.

Marcin

0 Helpful

rmetro
Level 1
Level 1
In response to Marcin Latosiewicz

‎04-09-2011 07:17 AM

I actually figured it out.  There is a BUG with RRI with 32 bit addresses.  If I make the Loopback a 30 bit address it works fine.

CSCsg25002 Bug Details

Enhance RRI to Inject 32 bit mask route

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to rmetro

‎04-09-2011 07:18 AM

Cool, gave your last post flying marks ;-)

0 Helpful
Customers Also Viewed These Support Documents