[c-nsp] 7600 with SPA-IPSEC-2G Tunnel protection

[Dan Benson]

List, 

I have two Cisco 7604s (sup720 Base) and I have installed SPA-IPSEC-2Gs in them.  Currently I am running s72033-advipservicesk9_wan-mz.122-33 and I have yet to find success in protecting tunnel traffic.   The second I configure the tunnel mode to ipsec, the tunnel goes up/down proto. All IPsec and ISA stats look good. 

Additionally I have tried to crypto the tunnel endpoints on each side and allow GRE in the crypto map but that has brought no success.  

Can someone shed light? As always, thank you for your insight in advance.

db



A Side config:
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ********** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set GLOBALIP esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile GIP
 set transform-set GLOBALIP
!
!
!
interface Tunnel1
 ip address 192.168.255.141 255.255.255.252
 ip flow ingress
 ip ospf network point-to-point
 ip ospf cost 100
 ip ospf mtu-ignore
 tunnel source Vlan2
 tunnel destination **********
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile GIP
 crypto engine slot 4/0 inside



===============

B Side config: 
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ********* address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set GLOBALIP esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile GIP
 set transform-set GLOBALIP
!
!
!
!
interface Tunnel1
 ip address 192.168.255.142 255.255.255.252
 ip flow ingress
 ip ospf network point-to-point
 ip ospf cost 100
 ip ospf mtu-ignore
 tunnel source Vlan2
 tunnel destination *******
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile GIP
 crypto engine slot 4/0 inside