Solved

EZVPN and phantom routes?

Posted on 2010-04-09
Last Modified: 2012-05-09
Hello Experts-

I have an existing VPN 800 series router that is connecting to a 7600 series fine.  crypto ISAKMP reaches the QM_IDLE state.  RRI is enabled and the reverse route is being injected into the 7600.  The problem is there is an additional route on the 7600 pointing to the IP this VPN connected yesterday and I cannot clear it out.  

7600 -  sh ip route static  (my VPN network IPs are changed for security purposes)

S       1.1.1.0 /29 [1/0] via 212.165.68.185   << THIS WAS THE VALID ROUTE YESTERDAY
                            [1/0] via 194.98.42.25       <<THIS IS THE VALID ROUTE

When I clear the route:      clear ip route 1.1.1.0 255.255.255.248

S       1.1.1.0 /29 [1/0] via 212.165.68.185

This route will not clear out of the routing table.  After I reset the VPN session the valid route is re-inserted but the 212.165.68.185 destination will not remove from the routing table.

Here is a ping to my network across the VPN

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
. ! . ! .
Success rate is 40 percent (2/5)

This is obviously due to the router attempting to load balance across the 2 static routes.

I have debugged the route:   debug ip routing static route 1.1.1.0 255.255.255.248
and the invalid route updates at the same time as the valid route.  I have reviewed the configs on the local (7600) and the remote (800) routers and all is good.  

Any thoughts on how to clear the invalid route or determine where it is coming from?  I have 4 other VPN routers that are connected and operational.

Thoughts, comments, solutions?

thanks


0
Question by:skindt
2 Comments
 
Assisted Solution

by:Nothing_Changed
ID: 30210671
Does the 800 router's VPN terminate at the 7600, or in something else that is injecting the route into the 7600's route table? (looking for cure)

Can you successfully delete all routes to 1.1.1.0/29, and let just the good one be re-injected? (treating symptom for now)
0
 

Accepted Solution

by:skindt
ID: 30211916
The problem was I could not clear the incorrect route.  I even cleared the entire route table.  It just kept coming back.  Since I was strapped for time, I simply had to reboot the router (7600) which cleared the phantom route and now things are running smoothly again.  I wish I could have troubleshot the issue longer since I think a reboot is a cop-out.  If I find any additional information I will be sure to post for other users.
0
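
Added example (not part of the original thread and not Cisco code): a Python check that parses `sh ip route static` output in the shape quoted in the question and flags next hops that match no currently connected VPN peer, which is the phantom-route condition described above. It assumes the RRI next hop is the remote peer's public address, as in the question, and that the list of active peers is collected separately; the second prefix and its peer are constructed sample values.

```python
import re

# Constructed sample in the shape of the output quoted in the question.
# The 1.1.1.0/29 addresses are the poster's altered values; the 192.0.2.8/29
# entry and its next hop are constructed for this example.
SAMPLE_ROUTES = """\
S       1.1.1.0 /29 [1/0] via 212.165.68.185
                            [1/0] via 194.98.42.25
S       192.0.2.8 /29 [1/0] via 198.51.100.7
"""

# Assumption: peers with an established tunnel, gathered by other means.
ACTIVE_PEERS = {"194.98.42.25", "198.51.100.7"}

# First line of an entry carries "S <net>/<len>"; continuation lines carry
# only "[distance/metric] via <next hop>" and belong to the previous prefix.
ROUTE_RE = re.compile(
    r"^(?:S\*?\s+(?P<net>\d+\.\d+\.\d+\.\d+)\s*/(?P<len>\d+)\s+)?"
    r"\s*\[\d+/\d+\]\s+via\s+(?P<hop>\d+\.\d+\.\d+\.\d+)"
)

def parse_static_routes(text):
    """Return {prefix: [next_hop, ...]} from static route output."""
    routes, current = {}, None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        if m.group("net"):
            current = f"{m.group('net')}/{m.group('len')}"
        if current is None:  # continuation line with no prefix seen yet
            continue
        routes.setdefault(current, []).append(m.group("hop"))
    return routes

def find_stale_next_hops(routes, active_peers):
    """Return {prefix: [next hops that match no active peer]}."""
    stale = {}
    for prefix, hops in routes.items():
        dead = [hop for hop in hops if hop not in active_peers]
        if dead:
            stale[prefix] = dead
    return stale

if __name__ == "__main__":
    found = find_stale_next_hops(parse_static_routes(SAMPLE_ROUTES), ACTIVE_PEERS)
    for prefix, hops in found.items():
        print(f"{prefix}: next hop(s) with no active peer: {', '.join(hops)}")
```

Static routes that were configured by hand rather than injected by RRI would also be reported, so feed it only the prefixes expected from VPN peers.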


Question has a verified solution.
