thanks. I looked at the bug report, which does not mention IPX, nor IOS 12.1.x, which my customer is running ( on different platforms ) first found in 12.2.3, but probably exists in a lot of other earlier versions. Also, the report speaks of GRE/IPSec tunnels in a hub and spoke setup. My troubles are in a point to point setup.
Looks like there are plenty of similar acting bugs for everyone to enjoy. ;-> thanks again for the pointer. Chuck ""Thomas Salmen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Sorry - I missed your original post. There is a (resolved) bug (CSCdv16876) > in IOS 12.2(3) where traffic does not pass across IPSec (or GRE) tunnels if > fast switching is enabled on the tunnel interfaces - and it is by default. > What often confuses is that ICMP pings are usually successful. > > -- > Regards, > Thomas Salmen > > Network Manager > Radionet Ltd. > 72 Paul Matthews Road > Albany, Auckland, New Zealand > Ph: +64 9 4140 300 > > > -----Original Message----- > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > Sent: Sunday, 3 February 2002 1:20 p.m. > To: [EMAIL PROTECTED] > Subject: IPX over IPSec Tunnel - mystery solved?!?!? [7:34231] > > > It's been a while, so let me restate the problem. > > R1------internet-------R2------ethernet-------R3-------frame_relay--------re > st of network > |-----IPsec_tunnel---| > IPX encapsulated > > IPX RIP --------------------------------------------| |-----------------IPX > EIGRP-----------| > > hope this makes sense. > > all routers are seeing all servers and all routes. > > However, the IPX client workstation cannot see or log on to a server located > somewhere in the EIGRP domain. > > I had been blowing off the customer, telling him it was a workstation / NIC > problem. He finally got ticked at me, and I finally went on site to see what > I can see. Note - I am in sales, not implementation. The implementation > people closed the project once they saw all IPX routes on the R1 router. > > So I arrive on site, and find that IPX pinging is not properly working. R1 > can IPX ping to R2, but not to R3, or anywhere else in the IPX EIGRP domain > and visa versa. HHHhhhhmmmmmmm.......... IPX routes are showing up > everywhere. IPX servers show up everywhere. debug IPX routing shows routing > exchanges taking place. But IPX ping fails from the IPX RIP domain into the > IPX EIGRP domain and back. Got a clue? > > I didn't, so I opened a TAC case. > > Let me add that R1 and R2 are 827 routers with IP/IPX/IPSec IOS images. R3 > and the rest of the network are 1720 routers with desktop images. > > Cisco's answer, given in an offhand manner after reviewing my configs, blew > me away. I can come up with no rationale as to why their solution worked. > But here it is: > > add the statement "no ipx route-cache" to the tunnel interfaces of the > 827's. One of my pals in implementation telneted in, did so, and told me > that IPX ping was now working fine from every place to every other place in > the network. > > Cisco TAC told me that "it sounded like a problem with fast cache" Huh? > > What further puzzles me is that I cannot duplicate the issue here in my own > lab. IPX pinging works just fine from the RIP domain to the EIGRP domain > across the IPsec tunnel. 25xx routers all, with more or less the same IOS > versions. > > Well, this one has been fun. chalk up another one to the vagaries of the > bloatware that the IOS is becoming/has become. > > Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34240&t=34231 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
