[c-nsp] PIX IPSEC tunnel initiation (110001: No route to dst_addrfrom
src_addr)... (bad paste)
Tim Bulger
timb at phreakocious.net
Wed Jul 13 22:56:15 EDT 2005
I can't seem to get Outlook to break the lines properly on that config, so
here is a link to it:
http://phreakocious.net/brokenPIX.txt
Thanks again in advance. =)
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Bulger
Sent: Wednesday, July 13, 2005 7:47 PM
To: 'cisco-nsp'
Subject: [c-nsp] PIX IPSEC tunnel initiation (110001: No route to
dst_addrfrom src_addr)...
I have a truly strange problem with a PIX initiating an IPSEC tunnel. The
error message that I get when I attempt to do a 'ping inside 172.28.8.1' is
'110001: No route to 172.28.8.1 from 172.29.8.1'. This is an extremely
straightforward configuration and was working yesterday, but stopped during
the process of experimenting to find the optimal 'isakmp keepalive' value.
I don't have any complexity to my routing table or overlapping routes, and I
have a functional default gateway configured. I have tried this on 6.2(4),
6.3(3), and 6.3(4). I have stuck with 6.3(3) because with 6.3(4), I can
watch my free memory drop by about .5MB/sec until there is almost none left
and the device becomes unstable.
Sorry for the long winded email, but I don't have much hair left to tear
out. :) Any help would be greatly appreciated.
-Tim
Sanitized config follows:
More information about the cisco-nsp
mailing list