Hello Claudio,
No luck.....I denied the tunnel intf. itself in the access-list and still
same problem. The ospf neighbor relation goes down...
R6-C#sh access-lists 199
Extended IP access list 199
deny ip 120.20.59.0 0.0.0.255 120.20.59.0 0.0.0.255
permit ip 120.20.0.0 0.0.255.55 120.20.0.0 0.0.255.255
permit ip 2.2.2.0 0.0.0.255 any log
R6-C#ri tu 1
Building configuration...
Current configuration : 164 bytes
!
interface Tunnel1
ip address 120.20.59.6 255.255.255.0
ip access-group 102 in
tunnel source 120.20.26.6
tunnel destination 120.20.26.2
crypto map mymap
end
R6-C#
2d23h: OSPF: 2.2.2.2 address 120.20.59.2 on Tunnel1 is dead
2d23h: OSPF: 2.2.2.2 address 120.20.59.2 on Tunnel1 is dead, state DOWN
R6-C#
2d23h: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Tunnel1 from FULL to
DOWN, Neighbor Down: Dead timer expired
The moment I remove the crypto map from the tunnel intf. it all starts
working again!!
Any ideas?
>From: "Claudio Spescha" >Reply-To: "Claudio Spescha" >To:
[EMAIL PROTECTED] >Subject: RE: IPSec over Tunnel - not working !!
[7:62124] >Date: Wed, 29 Jan 2003 20:54:40 GMT > >Hello > >You should not
encrypt the tunnel network itself. >First line of access-list 199 should
be: access-list 199 deny ip 120.20.59.0 >0.0.0.255 120.20.59.0 0.0.0.255
>The router can not build an OSPF adjacency on encrypted traffic. > >see
misconduct and Nondisclosure violations to [EMAIL PROTECTED]
------------------------------------------------------------------------
The new MSN 8: smart spam protection and 2 months FREE*
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62172&t=62124
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
