[c-nsp] Cat 6509 with IPsec Services module

Enno Rey erey at ernw.de
Thu May 19 15:22:28 EDT 2005


Hi,

I'm having some problems with an IPsec Services module in a Cat6509/Sup720 running 12.2(18)SX.
The machine is already productive with several VLANs (<20), internet access (100 Mbit) via a routed interface, absolutely nothing special here.

After applying the necessary configuration items for the Firewall Services Module (configuring both virtual Gig ports and vlans/interfaces) internet connectivity via the routed interface (here g9/37) is lost.

In brief:

before:
int gig9/37 configured as routed interface with external ip.

after: 

- both virtual gigs of the module configured as trunk ports, one of them with allowed vlan 1,100,1002-1005, 
- int gig9/37: no ip address, crypto connect vlan 100
- int vlan 100 with external ip + 'crypto engine slot' command.


In my understanding (that may be wrong) the traffic should continue to flow without problems as long as there's no crypto map applied to the vlan interface 100. But this is not the case. As soon as I apply the above-mentioned changes, external connectivity is lost (which is bad ;-)) and I see the interface vlan 100 in down state. Whatever I do, I can't get the interface to change to up state.

What am I doing wrong here? At the moment I'm rather stuck... any insight or help will be strongly appreciated.

thanks,

Enno
-- 
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1 

