Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IPSEC Tunnels and routing

Status
Not open for further replies.
bp1169

bp1169

IS-IT--Management
Mar 23, 2001
97
US
Hope someone can help, this has got me stumped. I have a layout that looks something like this

5 offices--5 routers -- 1 Core Router---PIX FW-(ipsec via internet)--router--branch office.

The problem occurs when routing traffic from the branch office via the ipsec through the internet in through the pix and out on the internal network. The office which is VPNing into our network makes the connection fine and can connect to several of the subnets perfectly, however, randomly and without reason they periodically cannot connect to some of the offices on the internal network. They can still however access other internal network branches. There have been no internal network problems so I am certain it has something to do with the ipsec tunnel. There is no routing on the branch router, just a static route to the downstream internet router. I have routes set in the firewall to direct internal appropriate traffic. I am looking for any ideas as to where this problem may lie. Thanks for any assistance
 
Sort by date Sort by votes
How do you get the connection to come back up? Can you issue a....

clear ipsec isakmp
clear ipsec sa

Does the VPN connect to all the other networks after running the above clear commands?

When the branch office loose connection to the other networks, can you establish access to a box (either workstation or server) in that office and run some traces? If you have a sharp user they could run a trace from their desktop if you can't connect. The trace will give you an idea what piece of equipment is failing or if it's the VPN that is causing you problems. If you can trace to the network that is not responding and one that is responding it should give you some idea of where to start troubleshooting.

I had a similar problem with remote office connections over a VPN. Working with Cisco it took me about four months to figure out the problem. Your situation is a little different since it sounds like your VPN tunnel is still up and responding to parts of your network but loose connections to others does not sound like a VPN issue.

Are you running any routing protocols at all?

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
191
Pankaj88
Pankaj88
Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
243
Lccarter
Lccarter
Mogles49
  • Locked
  • Question
tshooting-tunnels
Replies
0
Views
108
Mogles49
Mogles49
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
113
mikey789
mikey789
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
128
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top