ospf over ipsec tunnel problem
 




Forum: comp.dcom.sys.cisco
Author: Dmitry Melekhov (Guest)
Posted: Thu Jan 24, 2008 11:31 am
Subject: ospf over ipsec tunnel problem

Hello!

I had a configuration that worked for a long time, with a Cisco 3660 on
one side and a Cisco 1760 on the other.
There were no problems :-)

Now I have replaced the 3660 with a 3845 and decided to switch from crypto map
to IPsec virtual tunnel, and now OSPF doesn't work.

Here is the 1760 configuration:


crypto isakmp policy 15
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600

crypto ipsec transform-set debessy ah-sha-hmac esp-aes 256 comp-lzs

crypto ipsec profile debesy-p
set transform-set debessy

interface Tunnel0
description p100
ip address 192.168.201.6 255.255.255.252
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1360
ip ospf message-digest-key 10
tunnel source 192.168.202.6
tunnel destination 192.168.202.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile debesy-p

interface Serial0/0
description DebBKN-DebIzhcom-2048
ip address 192.168.202.6 255.255.255.252
ip access-group 190 in
ip route-cache policy
ip route-cache flow
fair-queue


The same crypto config is on the 3845; the only difference is in the interfaces:

interface Tunnel2
ip address 192.168.201.5 255.255.255.252
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1360
ip ospf message-digest-key 10 md5
tunnel source 192.168.202.1
tunnel destination 192.168.202.6
tunnel mode ipsec ipv4
tunnel protection ipsec profile debesy-p

interface Serial3/0
no ip address
ip nbar protocol-discovery
encapsulation frame-relay
ip route-cache policy
ip route-cache flow
fair-queue
serial restart-delay 0

interface Serial3/0.201 point-to-point
description debesy
ip address 192.168.202.1 255.255.255.252
ip access-group 190 in
snmp trap link-status
frame-relay interface-dlci 201


Everything works OK with static routes; the access list on the serial
interfaces allows only IPsec traffic.

router ospf 1
network 192.168.201.4 0.0.0.3 area 0

on both sides.

With debug ip ospf events
I see on the 1760:

Jan 24 15:27:43.351 SAMT: OSPF: Send with youngest Key 10
Jan 24 15:27:43.351 SAMT: OSPF: Send hello to 224.0.0.5 area 0 on Tunnel0 from 192.168.201.6

And on the 3845:
Jan 24 15:28:33.535 SAMT: OSPF: Rcv hello from 192.168.202.6 area 0 from Tunnel2 192.168.201.6
Jan 24 15:28:33.535 SAMT: OSPF: Send immediate hello to nbr 192.168.202.6, src address 192.168.201.6, on Tunnel2
Jan 24 15:28:33.535 SAMT: OSPF: Send with youngest Key 10
Jan 24 15:28:33.535 SAMT: OSPF: Send hello to 224.0.0.5 area 0 on Tunnel2 from 192.168.201.5
Jan 24 15:28:33.535 SAMT: OSPF: End of hello processing

I can't understand why the 1760 doesn't receive the HELLO from the 3845. :-(

IOS is 12.4.17a on both routers.

Do you have any ideas?

BTW, I have two Ethernet links from the 3845 to a 2801 with the same tunnel
configuration, and OSPF works...