Cisco 1841 IPSEC Tunnel Failover Bug

Ran into a strange issue with crypto maps and IPsec tunnel failover on an 1841. We had a T1 link between the HQ site and the remote site. The EIGRP routing protocol was running across the WAN link. A backup DR IPsec tunnel was configured using a crypto map (standard config, no tunnel interface) across a Comcast cable link. The DR tunnel came up as soon as the T1 went down, and traffic failed over. But when the T1 was restored, the specific IP address that had been used as a test case on the 1841 router would not flow back across the IPsec tunnel. All other IP addresses that had NOT been pinged from the 1841 across the IPsec tunnel would work fine.

I cleared the IP cache, then even removed all IP route caching and turned off CEF, and the route still would not work for the single IP address. It was still being forced out the crypto-mapped connection.

IOS exhibiting this bug: c1841-advsecurityk9-mz.124-15.T7.bin