
IP CEF
I've got a strange one or I'm getting a good case of the stupids. I have an ASA5505 Security Plus back in the US on my home network & a 881W with 15.1 Adv IP Services in Afghanistan. I set up a site-to-site VPN between the two. I could ping my 2511 for my home lab from the 881W when sourced from the crypto map's "interesting traffic" VLAN, but not from my laptop which is on that same VLAN. Set up an ACL to debug the IP packets between the two hosts. Turned off ip cef so I could get the debug info & did a ping - the traffic went through. Turned ip cef back on & the traffic was blocked again. What is with ip cef? Are there any negative interactions with IPSec VPNs? Pertinent excerpt from "show ip cef" below.
Prefix              Next Hop        Interface
10.10.30.18/32      attached        Vlan30
10.101.2.0/24       173.11.153.25   FastEthernet4
10.139.22.176/28    attached        FastEthernet4
10.139.22.176/32    receive         FastEthernet4
10.139.22.177/32    attached        FastEthernet4
10.139.22.178/32    receive         FastEthernet4
10.10.30.18 on VLAN30 is my laptop. 173.11.153.25 is my outside interface on the ASA (other end of IPSec tunnel). 10.101.2.0 is the interesting traffic on the home network. 10.139.22.177 is the satellite modem GW & .178 is my 881W outside interface. It is NAT'd by the satellite provider to a public IP.
Thanks, David D.
Comments
[email protected]
Internetwork Expert, Inc.
http://www.INE.com
Online Community: http://www.IEOC.com
CCIE Blog: http://blog.INE.com
From: [email protected] [[email protected]] On Behalf Of dunhamdd [[email protected]]
Sent: Sunday, May 22, 2011 8:47 AM
To: Brian McGahan
Subject: [CCIE R&S] IP CEF
Thanks - you make me feel better. I thought I was misunderstanding CEF. Not much traffic, so I will leave it. Will worry about a TAC ticket next month when my contract is complete and I'm back home again for a while.
Latest IOS loaded & no longer a problem. Couldn't find anything in the bug fix tool though. Thanks, Brian. Appreciated the feedback.
David