Don't forget

wastedtimewastedtime Senior MemberMember Posts: 586 ■■■■□□□□□□
Don't you hate it when you make those simple mistakes?
I spent about 6 hours troubleshooting IPSec configurations on 2 routers trying to figure out why I can't get any traffic to go through the VPN. I said to myself "oh ya routes." I put in a couple static routes and they still were not working. I toyed with the configuration a bit then just started from scratch and tried different interfaces. I put everything in again and it still wouldn't work. I tried to remove the crypto maps from the interfaces to see if I could ping the distant network and couldn't. So I did a show ip route and noticed my static routes where not in there even though I put them in. At that point I just wanted it to work so I did a simple RIP configuration between them. I had it working within seconds after that. Now I was wondering why those static routes where not working. I checked them, double checked them, triple checked them and still nothing. Well come to find out I put them on the old interface that I was using between routers and the others I was using the local IP not the next hop router IP.
So now that I feel a bit dumb for making those mistakes (that I spent hours troubleshooting) I figured I would share it with the rest of you.


  • dynamikdynamik Senior Member Banned Posts: 12,312 ■■■■■■■■■□
    I'll never forget that while I was learning Javascript, I got hung up trying to troubleshoot one of my functions. I went through all the logic for over an hour, and everything seemed flawless. Well, I accidentally used fuction instead of function when creating the function. I've never got stuck on that again. It's no big deal; live and learn :D
  • ServerProvidesServerProvides Junior Member Member Posts: 20 ■□□□□□□□□□
    Hey don't take it too hard. You just spent 6 hrs troubleshooting and I'm sure that those IPSEC configs are burned into your retinas now. At any rate you're definitely more familiar with it now. Don't get too discouraged and always make sure to approach troubleshooting with an open mind, looking for the most common problems first.
    Currently Pursuing...

    BS in Computer Science
  • wastedtimewastedtime Senior Member Member Posts: 586 ■■■■□□□□□□
    It just annoyed me that I spent that much time on a very simple problem/mistake in contrast to what I was doing. On another note, I am looking at taking this test sometime this week.
  • peanutnogginpeanutnoggin Senior Member Member Posts: 1,096 ■■■□□□□□□□
    It happens to the best of us... good luck on your test whenever you take it.

    We cannot have a superior democracy with an inferior education system!

    -Mayor Cory Booker
  • wastedtimewastedtime Senior Member Member Posts: 586 ■■■■□□□□□□
    It happens to the best of us... good luck on your test whenever you take it.


    Thanks, funny you should mention that though as I just registered to take the test a few hours ago.
  • wastedtimewastedtime Senior Member Member Posts: 586 ■■■■□□□□□□
    I took the CCNA Security today and did alright on it with an 844. I went into it knowing that I was a bit weak on zone based firewalls and it showed as that was my lowest score. That is alright though, as I plan on implementing it on my home network when I get back to the states. So I will have plenty of practice then.

    As far as materials go I used the Cisco press book, CBT Nuggets, and I searched the Cisco site for some items. Like other people have said, the CBT Nuggets is right on the dot so listen to everything he says. On the other hand I wonder if the author of the Cisco press book was afraid to leave something out. They did cover everything and with enough or more than enough depth but they also covered stuff that wasn’t even in the objectives on Cisco’s site like the chapter on SAN security. So if you use the Cisco press book I would suggest comparing the exam objectives to what you are looking at in the book.

    The one thing I disliked about CCNA Security was the SDM configuration. I think they would be better off just leaving that out or at the minimum leaving out any SDM configuration that they expect you to be able to do via CLI.

    Well next is 70-291 to finish up my MCSA.

    Oh and just so you all know. Of the 9 areas VPNs was my second highest.
  • mikej412mikej412 Cisco Moderator Member Posts: 10,086 ■■■■■■■■■■
    Congratulations!! icon_cheers.gif

    Good Luck finishing up your MCSA icon_study.gif
    :mike: Cisco Certifications -- Collect the Entire Set!
  • SatcomSatcom CCNA in progress Member Posts: 110
    sounds like a fun trouble shooting exercise
Sign In or Register to comment.