Hi,
Thanks for sharing the doc file.
Going through the doc file, i fail to get much clarity. I have went through the PDF that you had initially attached and see that you are configuring the VPN using aggressive mode for exchange.
Router-1
1-As per the configuration on router1, I see that the peer ip(router2) is configured as 83.196.111.15
2-The VPN summary details on router1 shows that the local ip is 10.0.2.2 and remote ip as 83.196.111.15
Router-2
1-As per the configuration on router2, I see that the peer ip(router1) is configured as 92.140.231.12
2-The VPN summary details on router2 shows that the local ip is 10.0.1.2 and remote ip as 92.140.231.12
>>While VPN negotiation each device will send the ID payload.
>>In the above config i see that none of the routers does have the public ip on them so when they will send the ID payload , it will be as follows:
-Router1 will send the ID payload value as 10.0.2.2
-Router2 will send the ID payload value as 10.0.1.2
>>By default each device would be set to validate the remote peer using the IP address from which it is receiving the negotiation request so the ID field will not match and the negotiation will fail.
Could you please send me the following debug logs from Router2:
deb cry condition peer 92.140.231.12
deb cry isa
deb cry ipsec
-Now initiate the VPN negotiation from Router1.
-Once you see the negotiation failed, please stop the logs using the command " un all".
-Please enable monitoring on terminal before you start the debugs so that the logs could be seen on the terminal window.
-The command to enable monitoring on terminal is "term mon".
Regards,
Mrutunjay Sethi
