Hi Georg,

im not sure how NAT is wrong as they are working for the web traffic going to the 111 WAN address. I’m happy to ignore the other (secondary) address for now. The network is complete in terms of devices. I need IPsec from all of the sites other than ‘Random Router’ to the main site ‘London A’. 
the IPsec configuration was working until I reloaded back to the saved state. I also need to configure access for ‘Business Admin’ VLAN users to be able to view and make changes to the router. 

Hello,

chances are that parts of the configuration were not saved correctly during the reload. The file I opened had partial NAT, and access lists with wrong subnet masks. Basically, when you use NAT and IPSec together, the access list used for NAT needs to exclude the IPSec traffic.

I'll have a look again, based on the additional information you have provided.

EDIT: I removed all the redundant NAT config from the remote routers, and changed the access list (mask) on the Birmngham router. I can ping 192.168.0.2 from each remote PC. I also added the Random_Router LAN to OSPF, not sure if that is needed.

Attached the revised file.

Hi Gerog,

Thanks for your reply!

I had a look at your changes and i can see that the the nat inside rules were removed from each router. I didnt think this would interrupt anything? Anyway, it still seems that I have the same IPsec issue as before though. All of the sites configured with IPsec cant ping 192.168.0.2. The only site that can is the random router PC because of OSPF and I will be later blocking this when I get the network working correctly.

If you see on simulation mode, the packet makes it into the network to 192.168.0.2 through IPsec, it then gets back to the locations router and gets sent back. to the 'internet'. Its almost as if:

ip route 0.0.0.0 0.0.0.0 (to the internet) is breaking this? I have had a similar problem before however before it was completely ignoring IPsec and got sent to the internet where it got lost.

Also, what command do you use to save the config?

Hi Georg,

I believe the configs are complete. I am using v8.2.0 I believe. I will try again later with a different PC.

what version are you using?

Helo,

8.2 (the latest actually), on Windows 10.

It turns out the configuration is working fine from another PC. For some reason packet tracer has decided to not work with IPsec on my PC anymore. I have tried uninstalling and reinstalling it and surprisingly that hasn’t helped…. I hate this software

Hello,

IPSec can be pretty resource intensive. What are the specs of the PC it is NOT working on correctly ?

The one it doesn’t work is used for gaming(i7 8th gen 32GB ram and a nvidia 2080. The one it’s working on is an i3 laptop from 2012

Really odd. I know that Packet Tracer needs some exceptions in Windows Firewall/Defender, maybe that is the problem...

I already fully disabled it but that hasn’t helped. It literally just randomly stopped working which is why I tried to reload back to the old pkt file. I guess this is solved