skindt
asked on
EZVPN and phantom routes?
Hello Experts-
I have an existing VPN 800 series router that is connecting to a 7600 series fine. crypto ISAKMP reaches the QM_IDLE state. RRI is enabled and the reverse route is being injected into the 7600. The problem is there is an additional route on the 7600 pointing to the IP this VPN connected yesterday and I cannot clear it out.
7600 - sh ip route static (my vpn network IP's are changed for security purposes)
S 1.1.1.0 /29 [1/0] via 212.165.68.185 << THIS WAS THE VALID ROUTE YESTERDAY
[1/0] via 194.98.42.25 <<THIS IS THE VALID ROUTE
When I clear the route: clear ip route 1.1.1.0 255.255.255.248
S 1.1.1.0 /29 [1/0] via 212.165.68.185
This route will not clear out of the routing table. After I reset the VPN session the valid route is re-inserted but the 212.165.68.185 destination will not remove from the routing table.
Here is a ping to my network across the VPN
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
. ! . ! .
Success rate is 40 percent (2/5)
This is obviously due to the router attempting to load balance across the 2 static routes.
I have debugged the route: debug ip routing static route 1.1.1.0 255.255.255.248
and the invalid route updates the same time as the valid route. I have reviewed the configs on the local (7600) and the remote (800) routers and all is good.
Any thoughts on how to clear the invalid route or determine where it is coming from? I have 4 other VPN routers that are connected and operational.
Thoughts, comments, solutions?
thanks
I have an existing VPN 800 series router that is connecting to a 7600 series fine. crypto ISAKMP reaches the QM_IDLE state. RRI is enabled and the reverse route is being injected into the 7600. The problem is there is an additional route on the 7600 pointing to the IP this VPN connected yesterday and I cannot clear it out.
7600 - sh ip route static (my vpn network IP's are changed for security purposes)
S 1.1.1.0 /29 [1/0] via 212.165.68.185 << THIS WAS THE VALID ROUTE YESTERDAY
[1/0] via 194.98.42.25 <<THIS IS THE VALID ROUTE
When I clear the route: clear ip route 1.1.1.0 255.255.255.248
S 1.1.1.0 /29 [1/0] via 212.165.68.185
This route will not clear out of the routing table. After I reset the VPN session the valid route is re-inserted but the 212.165.68.185 destination will not remove from the routing table.
Here is a ping to my network across the VPN
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
. ! . ! .
Success rate is 40 percent (2/5)
This is obviously due to the router attempting to load balance across the 2 static routes.
I have debugged the route: debug ip routing static route 1.1.1.0 255.255.255.248
and the invalid route updates the same time as the valid route. I have reviewed the configs on the local (7600) and the remote (800) routers and all is good.
Any thoughts on how to clear the invalid route or determine where it is coming from? I have 4 other VPN routers that are connected and operational.
Thoughts, comments, solutions?
thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.