I'm able to set up AES IPSec tunnels from an 1811 router to a 3845 router, but cannot pass traffic. A firewall, not under our control, sits immediately in front of the 3845, so I suspect that it is causing the problem.
ip route 0.0.0.0 0.0.0.0 80.123.118.209
ip route 10.0.0.0 255.0.0.0 Tunnel0
ip route 10.0.0.0 255.0.0.0 Tunnel1 2
ip route 10.128.0.1 255.255.255.255 10.160.224.1
ip route 172.0.0.0 255.0.0.0 Tunnel0
ip route 172.22.0.0 255.255.0.0 Tunnel0
ip route 172.22.0.0 255.255.0.0 Tunnel1 2
ip route 121.212.111.0 255.255.0.0 Tunnel1
ip route 121.212.111.121 255.255.255.255 80.123.123.123
With tunnel0 shutdown, the routing table looks like:
Gateway of last resort is 80.123.123.123 to network 0.0.0.0

     80.0.0.0/28 is subnetted, 1 subnets
C       80.123.123.123 is directly connected, FastEthernet1
     172.22.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.22.20.0/28 is directly connected, Vlan2
S       172.22.0.0/16 is directly connected, Tunnel1
     10.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
S       10.0.0.0/8 is directly connected, Tunnel1
C       10.190.1.252/30 is directly connected, Tunnel1
C       10.160.224.0/26 is directly connected, FastEthernet0
S       10.128.0.1/32 [1/0] via 10.160.224.1
C       10.160.224.254/32 is directly connected, Loopback0
C       10.33.224.0/24 is directly connected, Vlan2
     121.212.111.0/32 is subnetted, 1 subnets
S       121.212.111.121 [1/0] via 80.123.123.123
S*   0.0.0.0/0 [1/0] via 80.123.123.122
S    121.212.0.0/16 is directly connected, Tunnel1
Issue was resolved by changing the default route on the 3845. It had pointed all traffic to the wrong interface on the firewall. This still allowed the tunnels to come up, but not pass traffic. Very bizarre. Problem identified by looking at logs that included ICMP redirects.
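The check below is an added example written for this thread, not code from the poster or from Cisco: it replays the posted routing table through a longest-prefix lookup, follows recursive statics and tunnel encapsulation to the physical egress, and flags the situation described above, where the IPsec peer and default-routed traffic leave the same interface through different gateway addresses. Two values are assumptions because the page does not show them: the connected /28 on FastEthernet1 is taken as 80.123.123.112/28, and Tunnel1's destination as the peer 121.212.111.121.

```python
import ipaddress

# Routes transcribed from the 3845 routing table in the thread as
# (prefix, next_hop, interface). Assumed: the connected /28 on FastEthernet1
# is 80.123.123.112/28, and Tunnel1's destination is the peer 121.212.111.121.
ROUTES = [
    ("0.0.0.0/0",          "80.123.123.122", None),
    ("80.123.123.112/28",  None,             "FastEthernet1"),
    ("121.212.111.121/32", "80.123.123.123", None),
    ("121.212.0.0/16",     None,             "Tunnel1"),
    ("10.0.0.0/8",         None,             "Tunnel1"),
    ("10.160.224.0/26",    None,             "FastEthernet0"),
    ("10.128.0.1/32",      "10.160.224.1",   None),
    ("172.22.0.0/16",      None,             "Tunnel1"),
]
TUNNEL_DEST = {"Tunnel1": "121.212.111.121"}   # assumed GRE tunnel destination

def lookup(dst):
    """Longest-prefix match: (network, next_hop, interface) or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nh, ifc in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, ifc)
    return best

def resolve(dst):
    """Follow recursive statics and tunnel encapsulation to a connected
    interface; returns (egress_interface, on_link_gateway) or None."""
    target = gateway = dst
    for _ in range(8):                        # bound the recursion
        route = lookup(target)
        if route is None:
            return None
        _net, nh, ifc = route
        if nh is not None:                    # recursive static route
            target = gateway = nh
        elif ifc in TUNNEL_DEST:              # tunnel: route the outer packet
            target = gateway = TUNNEL_DEST[ifc]
        else:
            return ifc, gateway
    return None

def gateway_mismatch(peer, probe="8.8.8.8"):
    """True when the IPsec peer and default-routed traffic leave the same
    interface via different gateways; a gateway that has to forward such
    traffic back onto the same link answers with ICMP redirects."""
    p, d = resolve(peer), resolve(probe)
    return p is not None and d is not None and p[0] == d[0] and p[1] != d[1]
```

Run against the table as posted, `gateway_mismatch("121.212.111.121")` returns True: the peer is reached via 80.123.123.123 while the default route uses 80.123.123.122 on the same FastEthernet1 link, which is the inconsistency the ICMP redirects in the logs were pointing at.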