Can you show the crypto maps applied to R6 interfaces? From: [email protected] [mailto:[email protected]] On Behalf Of Imre Oszkar Sent: Thursday, June 21, 2012 8:48 PM To: ccie security Subject: [OSL | CCIE_Security] dual armed EZVPN
Hi guys, R4 (EZ remote) -----R6(EZ SERVER) ------ (EZ vpn client) The crypto map on R6 is applied to both interfaces (the one facing R4 and the one facing test pc) Both EzVPN clients are able to connect, however I noticed one interesting thing. The peer address on the clients must be the ip address of the facing interface otherwise the returning traffic from the server to the client will black holed by the server. The received packets are decrypted by the server but the returning traffic won't be encrypted. RIB/FIB are OK, they are pointing to the right interface/next-hop. Does anybody have an explanation why is this happening? Thanks! Oszkar
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
