Hello,
you can use "show crypto ipsec sa detail" and check the counters.
Maybe you need to increase the "replay window-size". see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_iarwe.html
If you can't find what is wrong, try also to switch to tunnel mode, just
in case this affects somehow the routers.
Regards,
John
On Tue, 28 Sep 2010, Stephane MAGAND wrote:
Hi
i have a new problems with my IPSec tunnels ...
Two routers:
Cisco 2821 with AIM connected in FastEthernet at Internet
Cisco 1721 connected in Adsl.
When i ping from 2821 to 1721 and use public internet address no
problems:
C2821#ping 84.xx.xx.1 size 600 repeat 150
Type escape sequence to abort.
Sending 150, 600-byte ICMP Echos to 84.xx.xx.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 100 percent (150/150), round-trip min/avg/max = 44/46/68 ms
but when i ping using Ipsec tunnel :
C2821#ping vrf VPN003 10.11.12.254 size 600 repeat 150
Type escape sequence to abort.
Sending 150, 600-byte ICMP Echos to 10.11.12.254, timeout is 2 seconds:
!!!!!!!!.!!!!!!!!!!!!!!..!!!!..!.!.!!!!.!.!!....!..!!.!!!!!.!!!!!!.!!!
!!!!!!!!!!!.!.!!!!!.!!.!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!.!!!!.!!!!!!!!!.
!!!!!!!!.!
Success rate is 81 percent (122/150), round-trip min/avg/max = 52/58/104 ms
20 percent of lost.
Where i can debug the problems ?
thanks
Stephane
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
