Question:
I'm running into a WS-C3560V2-24TS-S problem with a route over a VPN tunnel. We have 5 sites connected on an MPLS network. We have a 6th site that is connected by a site-to-site VPN tunnel that terminates on one of the routers on the MPLS network.

This setup was working just fine for us. Any of the 5 sites were able to connect to the 6th site by routing traffic first over the MPLS network and then over the VPN tunnel.

Now we ran into a problem when moving to a new WAN circuit on the router that hosts the VPN. We're moving our WAN circuit from a Serial interface to a Gigabit interface. All the configuration has been done: the new circuit is up, the old circuit is down, and the VPN tunnel to the 6th site is up and terminated on the Gigabit interface.

But now we have a problem routing traffic over this VPN tunnel. Let's say the subnet at the 6th site is 1.1.1.0/24. With the old circuit we had a route of 'ip route 1.1.1.0 255.255.255.0 Serial0/0/0:0.100' and this was working for us. I updated this to use the Gigabit interface instead of the Serial, but it's not working. I can ping over the VPN tunnel from the router, but nowhere else.

If I remove the route command altogether I can ping from the local LAN of the router, but not from any of the remote sites (the 1.1.1.0/24 is no longer advertised by BGP and the traffic from the remote sites isn't routed properly anymore).

So, it seems like I'm just missing something simple here...or I hope I am anyway. Everything should be fine with the VPN configuration; that has remained unchanged. The crypto map was just moved from the Serial interface to the Gig interface. The VPN certainly works just fine from the local router LAN when the route command is removed. If anyone has any idea why the router doesn't send traffic over the VPN when the route command is in place I'd love to hear from you.

Answer:
Without the static route, the network
is not in the routing table, and if the network is not in the routing table then
BGP cannot advertise it. And if BGP does not advertise it, then the remote
sites do not know how to reach it. So the problem does center on the static
route. The essence of the problem is in the way that you have expressed the
static route. Using the interface to identify the exit point for the static
route works fine when the exit is a point to point serial interface. But using
the interface as the identifier is problematic when the interface is Ethernet.
When you do a static route and specify an Ethernet as the exit, then the router
must ARP for every remote address. This can work if the next hop router has
enabled proxy ARP. But many providers do not. The best solution is to put the
static route back into the config but to specify the next hop address as the
exit rather than the interface.
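
The check below is an added example, not part of the original question or answer: it scans IOS-style configuration text for `ip route` statements that exit through a multi-access interface without a next-hop address, the pattern the answer identifies. The interface name `GigabitEthernet0/0`, the next hop `192.0.2.1`, and the list of multi-access interface prefixes are assumptions; the page does not give them.

```python
import re

# Interface name prefixes treated as multi-access (broadcast) media.
# This list is an assumption of the example; extend it for your platform.
MULTI_ACCESS = ("ethernet", "fastethernet", "gigabitethernet",
                "tengigabitethernet", "vlan")

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample: the question's original route plus three variants.
SAMPLE = """\
ip route 1.1.1.0 255.255.255.0 Serial0/0/0:0.100
ip route 1.1.1.0 255.255.255.0 GigabitEthernet0/0
ip route 1.1.1.0 255.255.255.0 192.0.2.1
ip route 1.1.1.0 255.255.255.0 GigabitEthernet0/0 192.0.2.1
"""

def audit_static_routes(config_text):
    """Return (line, prefix, mask, interface) for each static route that
    names a multi-access exit interface but no next-hop address."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if tokens[:2] != ["ip", "route"]:
            continue
        if len(tokens) > 3 and tokens[2] == "vrf":
            tokens = tokens[:2] + tokens[4:]   # drop "vrf NAME"
        if len(tokens) < 5:
            continue
        prefix, mask, target = tokens[2], tokens[3], tokens[4]
        if IPV4.match(target):
            continue                           # next hop given directly
        # An interface may be followed by a next hop, or by a distance/keyword.
        has_next_hop = len(tokens) > 5 and IPV4.match(tokens[5])
        if target.lower().startswith(MULTI_ACCESS) and not has_next_hop:
            findings.append((lineno, prefix, mask, target))
    return findings

if __name__ == "__main__":
    for lineno, prefix, mask, ifname in audit_static_routes(SAMPLE):
        print(f"line {lineno}: {prefix} {mask} exits via {ifname} with no "
              f"next hop; the router must ARP for every destination")
```

The check assumes full interface names as they appear in a saved running configuration, not abbreviations typed at the CLI.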