05-27-2003 07:20 AM - edited 02-21-2020 12:34 PM
I replaced a 3640 transit router with a 7204 and it broke my network-to-network tunnel between (2) 2600 IOS VPN. The tunnel is up but the networks can not ping each other. When I failback to the 3640 the networks can ping each other again.
05-27-2003 03:05 PM
Hi there,
You will need to do some additional troubleshooting to find out the cause of the problem. What you can do is to check if the 2600 router on one side is encrypting the tunnel. If it is, try and see if the other side is decrypting it and vice-versa. If you are not getting the packets on the other side of the tunnel, then you might have to do debug ip packet with an ACL applied on the 7200 router to see what's going on with the ESP packets
Jazib
05-28-2003 04:22 AM
I was able to see that encrypt and decrypt counters were incrementing on both ends when I did a sh crypto engine connections active. But is that ESP?
05-28-2003 04:46 AM
If you saw encrypts/decrypts, then it seems like your router is getting the ESP packets from the other side. Encrypts/decrypts counters are ESP packets, unless you are using NAT-T which is introduced in 12.2(15)T
Jazib
06-02-2003 04:15 AM
After futher debug i received this mesage:
3w0d: IP: s=65.118.89.130 (FastEthernet0/0), d=208.45.249.68 (FastEthernet0/1), len 112, encapsulation failed, proto=50
The encapsulation is failing., But it only fails when the 7200 is in place when I replace the router with the legacy transit router everything is ok. Is this an ARP issue. If so where does the problem lie.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide