[c-nsp] bogus VPN info on cisco.com

Sergio Ramos sramos at sapphire.gi
Thu Oct 26 02:52:04 EDT 2006


Hi!

Have you tried the reverse-route command applied to the crypto map?

crypto dynamic-map dynmap 10
set transform-set myset
reverse-route

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
secur_r/sec_r1g.htm#wp1094887


regards,

Sergio.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Robert E.
Seastrom
Sent: 26 October 2006 03:59
To: cisco-nsp at puck.nether.net
Cc: rs at seastrom.com
Subject: [c-nsp] bogus VPN info on cisco.com


Yeah yeah, I know, Cisco getting it wrong in a sample config?  Oh,
that never happens, perish the thought!

But I do in fact have a need to accomplish exactly what is shown at:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configura
tion_example09186a00801c4246.shtml

Note the VPN pool is on the same subnet as Ethernet 0/1.  This means
that the router will have to respond to arps for interfaces in that
range when they are active.  It doesn't.  Tried arp blah blah blah
alias; the router responds to the arps fine then but the data doesn't
flow.

Anyone have any ideas or a similar config that they've actually gotten
to work?  I've tried a 1710 and a 2621, running 12.3 and 12.4
mainline.

Thanks,

                                        ---Rob

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list