[c-nsp] bogus VPN info on cisco.com

Robert E. Seastrom rs at seastrom.com
Thu Oct 26 09:07:20 EDT 2006


That looks as if it might work though it looks like it's for remote
networks not the pool itself; I'll give it a try in an hour when I'm
next to the box.

Thanks,

                                        ---rob

"Sergio Ramos" <sramos at sapphire.gi> writes:

> Hi!
>
> Have you tried the reverse-route command applied to the crypto map?
>
> crypto dynamic-map dynmap 10
> set transform-set myset
> reverse-route
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
> secur_r/sec_r1g.htm#wp1094887
>
>
> regards,
>
> Sergio.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Robert E.
> Seastrom
> Sent: 26 October 2006 03:59
> To: cisco-nsp at puck.nether.net
> Cc: rs at seastrom.com
> Subject: [c-nsp] bogus VPN info on cisco.com
>
>
> Yeah yeah, I know, Cisco getting it wrong in a sample config?  Oh,
> that never happens, perish the thought!
>
> But I do in fact have a need to accomplish exactly what is shown at:
>
> http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configura
> tion_example09186a00801c4246.shtml
>
> Note the VPN pool is on the same subnet as Ethernet 0/1.  This means
> that the router will have to respond to arps for interfaces in that
> range when they are active.  It doesn't.  Tried arp blah blah blah
> alias; the router responds to the arps fine then but the data doesn't
> flow.
>
> Anyone have any ideas or a similar config that they've actually gotten
> to work?  I've tried a 1710 and a 2621, running 12.3 and 12.4
> mainline.
>
> Thanks,
>
>                                         ---Rob
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list