BVI and IPSEC bug

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Tue Jan 02 2001 - 15:49:20 GMT-3

Next message: Sam Munzani: "Re: BVI and IPSEC bug"
Previous message: Zeb: "RTP Date Jan. 31-Feb. 1 available for swap"
Next in thread: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Erick B.: "Re: BVI and IPSEC bug"
Maybe reply: Dave Oakman: "RE: BVI and IPSEC bug"
Maybe reply: Frank Jimenez: "RE: BVI and IPSEC bug"
Maybe reply: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Wu Jiang: "Re: BVI and IPSEC bug"
Maybe reply: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Wu Jiang: "Re: BVI and IPSEC bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group,

I just came across a bug that is worth sharing with you fine people out =
there.

If you apply crypto map to a BVI interface, your IPSEC VPN doesn't work. =
The first packet will go through and then it will die.

You would love to use BVI in redundant ISP Router environment like =
below.

ISP Router-1 ISP Router-2
      | |
   S/W ------------ S/W
      | /
      | /
      | /
      | /
    VPN Router
      |

E0 and E1 of VPN router is connected to those 2 switches and creates a =
BVI. E2 connects to inside of the network.=20

This will not work.

Regards,

Sam

Next message: Sam Munzani: "Re: BVI and IPSEC bug"
Previous message: Zeb: "RTP Date Jan. 31-Feb. 1 available for swap"
Next in thread: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Erick B.: "Re: BVI and IPSEC bug"
Maybe reply: Dave Oakman: "RE: BVI and IPSEC bug"
Maybe reply: Frank Jimenez: "RE: BVI and IPSEC bug"
Maybe reply: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Wu Jiang: "Re: BVI and IPSEC bug"
Maybe reply: Sam Munzani: "Re: BVI and IPSEC bug"
Maybe reply: Wu Jiang: "Re: BVI and IPSEC bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:21 GMT-3