11-29-2012 10:46 PM
I have installed a new 2901 router with the IOS version 15 code (c2900-universalk9-mz.SPA.152-3.T.bin). I have a template config that I have created for my remote VPN routers that I have been using on 2811 routers with version 12.4 (c2800nm-advipservicesk9-mz.124-24.T1.bin).
I do have the securityk9 active on the 2901 software.
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None
Issue is when I do a "show crypto session" the GRE tunnels session status read down on the 2901 router but on the 2811 session reads up-active.
Everything is working and I am routing over the GRE Tunnels. Can someone explain this to me.
2901 display:
Interface: Tunnel0
Session status: DOWN
Peer: xxx.xxx.xxx.xxx port 500
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 0, origin: crypto map
Interface: Tunnel0
Session status: DOWN
Peer: xxx.xxx.xxx.xxx port 500
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 0, origin: crypto map
Interface: Tunnel1
Session status: DOWN
Peer: xxx.xxx.xxx.xxx port 500
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 0, origin: crypto map
Interface: Tunnel1
Session status: DOWN
Peer: xxx.xxx.xxx.xxx port 500
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 0, origin: crypto map
Interface: GigabitEthernet0/0
Session status: UP-ACTIVE
Peer: xxx.xxx.xxx.xxx port 500
IKEv1 SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 2, origin: crypto map
Interface: GigabitEthernet0/0
Session status: UP-ACTIVE
Peer: xxx.xxx.xxx.xxx port 500
IKEv1 SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 2, origin: crypto map
display from 2811 router:
Crypto session current status
Interface: Tunnel0 Tunnel1 FastEthernet0/0
Session status: UP-ACTIVE
Peer: xxx.xxx.xxx.xxx port 500
IKE SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 2, origin: crypto map
Interface: Tunnel0 Tunnel1 FastEthernet0/0
Session status: UP-ACTIVE
Peer: xxx.xxx.xxx.xxx port 500
IKE SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
Active SAs: 2, origin: crypto map
11-29-2012 10:54 PM
More configuration information. I am piering with two host routers that is why there is two GRE Tunnels and crypto session on each remote 2811 and 2901 routers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide