
Regarding Site to Site VPN

Dear Experts!!!!!!!!!!

I am using two routers to configure site to site VPN.

One is a Cisco 2811 and the other is a Cisco 1841 router.

Do we need any license to configure IPSec VPN between these routers?

I am giving sh version output for your reference.

CISCO-2811R#sh version
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(22)YB7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 27-Sep-10 19:05 by prod_rel_team

ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

CISCO-2811R uptime is 16 minutes
System returned to ROM by reload at 06:55:16 UTC Fri Jul 22 2011
System image file is "flash:c2800nm-advsecurityk9-mz.124-22.YB7.bin"

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2811 (revision 53.50) with 237568K/24576K bytes of memory.
Processor board ID FHK1114F3PQ
6 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

CISCO-2811R#

CISCO-1841R#sh ver
CISCO-1841R#sh version
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(18c), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 05-Sep-08 12:23 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

CISCO-1841R uptime is 18 minutes
System returned to ROM by reload at 06:49:12 UTC Fri Jul 22 2011
System image file is "flash:c1841-advsecurityk9-mz.124-18c.bin"

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.
Processor board ID FHK114420AA
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

CISCO-1841R#

Please advise me on how to go further...

Regards,

Janardhan

6 Replies

Jitendra Siyag
Level 1

I have checked in the Feature Navigator, and according to that your 2811 image will support IPsec but your 1841 image will not support IPsec.

Check for an image supporting IPsec for the 1841.

Dear Jitendra!!!!

Thanks for your response!!!!

But I configured GRE tunneling with IPSec on both of the same routers and packets were successfully encrypted.

At the same time I configured IPSec VPN on both routers and the tunnel came up, but there was some ping issue.

So I am asking: is this related to a license or not????

Regards,

Janardhan

If your VPN is up and running then it will not be a license issue.

Perhaps you should check the configuration. Are you facing this issue only for ICMP or for all traffic through that tunnel?

Currently I am checking only ping between these two sites....

From Local interface of Site-A is pinging from the System is connected to Local interface of Site-B but not vice-versa...

Please advise me??

Regards,

Janardhan

For your reference I am attaching my two sites' configuration.

I verified with

Sh crypto ipsec sa

Sh crypto isakmp

For both commands I got output with packets encapsulated and decapsulated.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-1841R
!
boot-start-marker
boot-end-marker
!
enable password nipun
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key JANNU address 192.168.15.210
!
!
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
!
crypto map MYMAP 10 ipsec-isakmp
 set peer 192.168.15.210
 set transform-set MYSET
 match address 112
!
!
!
interface FastEthernet0/0
 ip address 192.168.15.220 255.255.255.0
 ip access-group 113 in
 ip access-group 113 out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map MYMAP
!
interface FastEthernet0/1
 ip address 20.20.20.1 255.255.255.0
 ip access-group 113 in
 ip access-group 113 out
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.15.99
!
ip http server
no ip http secure-server
ip nat inside source list 111 interface FastEthernet0/0 overload
!
access-list 111 deny   ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit ip 20.20.20.0 0.0.0.255 any
access-list 112 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 113 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 113 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 113 permit udp host 192.168.15.210 host 192.168.15.220 eq non500-isakmp
access-list 113 permit udp host 192.168.15.220 host 192.168.15.210 eq non500-isakmp
access-list 113 permit udp host 192.168.15.210 host 192.168.15.220 eq isakmp
access-list 113 permit udp host 192.168.15.220 host 192.168.15.210 eq isakmp
access-list 113 permit esp host 192.168.15.210 host 192.168.15.220
access-list 113 permit esp host 192.168.15.220 host 192.168.15.210
access-list 113 permit ahp host 192.168.15.210 host 192.168.15.220
access-list 113 permit ahp host 192.168.15.220 host 192.168.15.210
access-list 113 permit tcp any any
access-list 113 permit udp any any
access-list 113 permit icmp any any
access-list 113 permit esp any any
access-list 113 permit ahp any any
access-list 113 permit ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 password nipun
 login
!
scheduler allocate 20000 1000
end

This is only one site's configuration.

Is this a test router? If so, have you tried removing the NAT and then trying again? Or you can also check the debug messages.
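Added example, not part of the original thread and not written by any participant: a Python check related to the NAT suggestion in the last reply. It reads the NAT ACL (111) and crypto ACL (112) lines from the posted 1841 configuration and reports any crypto-protected flow that NAT would translate, and it also checks whether a peer crypto ACL is the exact mirror of the local one. The peer ACL is constructed here because the 2811 configuration is not shown in the thread, and all function names are hypothetical.

```python
import ipaddress
import re

# Lines taken from the CISCO-1841R configuration posted in the thread.
CONFIG_1841 = """\
ip nat inside source list 111 interface FastEthernet0/0 overload
access-list 111 deny   ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit ip 20.20.20.0 0.0.0.255 any
access-list 112 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
crypto map MYMAP 10 ipsec-isakmp
 match address 112
"""
# Constructed peer crypto ACL (the 2811 configuration is not shown in the thread).
PEER_ACL = "access-list 112 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255\n"

ACE = re.compile(r"^access-list (\d+) (permit|deny)\s+ip (any|\S+ \S+) (any|\S+ \S+)$", re.M)

def net(spec):
    """Turn 'any' or 'address wildcard' into an ip_network (contiguous wildcards only)."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acls(config):
    """Return {acl_number: [(action, src, dst), ...]} for 'ip' entries, in order."""
    acls = {}
    for num, action, src, dst in ACE.findall(config):
        acls.setdefault(num, []).append((action, net(src), net(dst)))
    return acls

def first_match(aces, src, dst):
    """Action of the first entry that fully covers src -> dst, else the implicit deny."""
    for action, s, d in aces:
        if src.subnet_of(s) and dst.subnet_of(d):
            return action
    return "deny"

def nat_conflicts(config):
    """Crypto-ACL flows that the NAT ACL would translate instead of exempting."""
    acls = parse_acls(config)
    nat = re.search(r"^ip nat inside source list (\d+)", config, re.M).group(1)
    crypto = re.search(r"^\s*match address (\d+)", config, re.M).group(1)
    return [(str(s), str(d)) for a, s, d in acls[crypto]
            if a == "permit" and first_match(acls[nat], s, d) == "permit"]

def is_mirror(local_aces, peer_aces):
    """True when the peer's crypto ACL is the exact source/destination swap."""
    return {(a, d, s) for a, s, d in local_aces} == set(peer_aces)
```

For the lines posted in the thread, `nat_conflicts(CONFIG_1841)` returns an empty list, because the `deny` entry in ACL 111 already exempts 20.20.20.0/24 to 10.10.10.0/24 from NAT on this router.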
