EZVPN and phantom routes?

Hello Experts-

I have an existing VPN 800 series router that is connecting to a 7600 series fine.  crypto ISAKMP reaches the QM_IDLE state.  RRI is enabled and the reverse route is being injected into the 7600.  The problem is there is an additional route on the 7600 pointing to the IP this VPN connected yesterday and I cannot clear it out.  

7600 -  sh ip route static  (my vpn network IP's are changed for security purposes)

S       1.1.1.0 /29 [1/0] via 212.165.68.185   << THIS WAS THE VALID ROUTE YESTERDAY
                            [1/0] via 194.98.42.25       <<THIS IS THE VALID ROUTE

When I clear the route:      clear ip route 1.1.1.0 255.255.255.248

S       1.1.1.0 /29 [1/0] via 212.165.68.185

This route will not clear out of the routing table.  After I reset the VPN session the valid route is re-inserted but the 212.165.68.185 destination will not remove from the routing table.

Here is a ping to my network across the VPN

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
. ! . ! .
Success rate is 40 percent (2/5)

This is obviously due to the router attempting to load balance across the 2 static routes.

I have debugged the route:   debug ip routing static route 1.1.1.0 255.255.255.248
and the invalid route updates the same time as the valid route.  I have reviewed the configs on the local (7600) and the remote (800) routers and all is good.  

Any thoughts on how to clear the invalid route or determine where it is coming from?  I have 4 other VPN routers that are connected and operational.

Thoughts, comments, solutions?

thanks


skindtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nothing_ChangedCommented:
Does the 800 router's VPN terminate at the 7600, or in something else that is injecting the route into the 7600's route table? (looking for cure)

Can you successfully delete all routes to 1.1.1.0/29, and let just the good one be re-injected? (treating symptom for now)
0
skindtAuthor Commented:
The problem was I could not clear the incorrect route.  I even cleared the entire route table.  It just kept coming back.  Since I was strapped for time, I simply had to reboot the router (7600) which cleared the phantom route and now things are running smooth again.  I wish I could have troubleshoot the issue longer since I think a reboot is a cop-out.  If I find any additional information I will be sure to post for other users.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.