From: Antonio Soares (amsoares@netcabo.pt)
Date: Wed Jan 28 2009 - 10:44:15 ARST
Hello group,
Need help troubleshooting this one. One 7600 was upgraded from 12.2.18SXE1 to 12.2.33SRB2 and now the SPA-IPSEC-2G is not encrypting
the traffic. In fact the module seems healthy but something is missing in the outputs bellow:
------------------------------------------------------------------
7606#show crypto eli
Hardware Encryption : ACTIVE
Number of hardware crypto engines = 1
CryptoEngine SPA-IPSEC-2G[3/0] details: state = Active
Capability :
IPSEC: DES, 3DES, AES, RSA
IKE-Session : 0 active, 16383 max, 0 failed
DH : 0 active, 9999 max, 0 failed
IPSec-Session : 0 active, 65534 max, 0 failed
------------------------------------------------------------------
7606#sh crypto en brief
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 00000000
crypto engine state: installed
crypto engine in slot: N/A
------------------------------------------------------------------
7606#sh crypto en conf
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: xxxxxxxx
crypto engine state: installed
crypto engine in slot: N/A
platform: Cisco Software Crypto Engine
Crypto Adjacency Counts:
Lock Count: 0
Unlock Count: 0
crypto lib version: 18.0.0
7606#
------------------------------------------------------------------
What troubleshooting steps should i take ? The SPA is used to accelerate IPSec Virtual Tunnel Interfaces (IPsec VTIs). Here's the
configuration of one tunnel interface:
!
interface Tunnelx
ip unnumbered Loopbackx
tunnel source x.x.x.x
tunnel destination x.x.x.x
tunnel mode ipsec ipv4
tunnel protection ipsec profile CRYPTO-IPSEC-PROFILE
crypto engine gre vpnblade
crypto engine slot 3/0 inside
!
Thanks.
Regards,
Antonio Soares, CCIE #18473 (R&S)
amsoares@netcabo.pt
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST