Symptom
If NIM-1T or NIM-4T is used between C8200 and ISR4K
GRE over ipsec + NAT >>>>>> Failed
Conditions
1) HW
The issue is confirmed on
- Cisco C8200 ,C8300
2) Configuration
- Use NAT
- GRE over IPsec (GRE encapsulated within IPSec) using IPSec crypto map
- Use NIM-1T or NIM-4T card for interconnection
Workaround
config the IPsec over tunnel interface, seemed will not hit this issue again.
MXC.TAC.L.07-C8200-02#telnet 192.168.10.254 /source-interface g0/0/1
Trying 192.168.10.254 ... Open
User Access Verification
Password:
*May 26 07:21:35.082: TCB7F3DCB0701C0 created
*May 26 07:21:35.082: TCB7F3DCB0701C0 setting property TCP_VRFTABLEID (20) 7F3DCB0A7DE8
*May 26 07:21:35.082: TCB7F3DCB0701C0 setting property TCP_TOS (11) 7F3DCB0A7ED0
*May 26 07:21:35.082: tcp_uniqueport: using ephemeral max 65535
*May 26 07:21:35.082: TCP: Random local port generated 38454, network 1
*May 26 07:21:35.082: TCB7F3DCB0701C0 bound to 172.19.152.2.38454
*May 26 07:21:35.082: Reserved port 38454 in Transport Port Agent for TCP IP type 1
*May 26 07:21:35.082: TCP: sending SYN, seq 1948465011, ack 0
*May 26 07:21:35.082: TCP0: Connection to 192.168.10.254:23, advertising MSS 536
*May 26 07:21:35.082: TCP0: state was CLOSED -> SYNSENT [38454 -> 192.168.10.254(23)]
*May 26 07:21:35.092: TCP0: state was SYNSENT -> ESTAB [38454 -> 192.168.10.254(23)]
*May 26 07:21:35.092: TCP: tcb 7F3DCB0701C0 connection to 192.168.10.254:23, peer MSS 536, MSS is 536
*May 26 07:21:35.092: TCB7F3DCB0701C0 connected to 192.168.10.254.23
