Hi,
I set up my VPN on a Cisco router 1711 running IOS 12.2(15)ZL1. Everything works fine but I need to log incoming ESP packets from the client, otherwise the router does not respond to those packets.
permit esp any host 2.2.2.2 NO RESPONSE permit esp any host 2.2.2.2 log WORKS
I wonder why "log" is required. Thanks for any hints.
The LOG keyword may be forcing some packets to be process switched that would otherwise be fast switched using your preferred fast switching poison.
You can force process switching with no ip route-cache on the interfaces. You could try this instead of log.
If that "works" call Cisco 'cos its a bug.
What _Exactly_ is 12.2(15)ZL1 ????????
If it supports your requirements move to a "mainline" release. i.e. 12.x(y) with NO successive letters.
OR failing that:- the "T" train.
12.x(y)TRead about the IOS release process and look at the IOS roadmap.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.