How to assign public ip on local encryption domain.

Abdul Salam
Level 1

Hello Team,

 

One of our clients is asking us to use our public IP for the local encryption domain; currently we are using a private range only. Please check the configuration below.

 

!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key Fw337!nk address 196.x.x.33
!
!
crypto ipsec transform-set MTN_SUDAN_SMS esp-3des esp-sha-hmac
 mode tunnel
!
!
!
crypto map Qanawat_to_MTNSudan 10 ipsec-isakmp
 description Qanawat_to_MTNSudan
 set peer 196.x.x.33
 set transform-set MTN_SUDAN_SMS
 match address 102
!
!

access-list 102 permit ip host 172.21.25.11 host 196.x.x.6
access-list 102 permit ip host 172.21.25.12 host 196.x.x.6

-------------------------------------------------------------------------------------------

Example:-

Here the local server IPs are 172.21.25.11 and .12, and the new public IP for the local encryption domain is 200.200.200.200. Both 172.x.x.11 and .12 need to access 196.x.x.6, and the reverse as well.

 

Please help me configure this.

 

Regards,

Abdul.

7 Replies

rizwanr74
Level 7

Hello Abdul.

 

Step 1: Create new ACL.

ip access-list extended ACL-POLICY-NAT
 permit ip host 172.21.25.11 host 196.x.x.6
 permit ip host 172.21.25.12 host 196.x.x.6

 

Step 2:
ip nat inside source list ACL-POLICY-NAT 200.200.200.200 overload


Step 3:

add this permit line in the existing ACL: 102
access-list 102 permit ip host 200.200.200.200 host 196.x.x.6

 

Step 4:

Once you have added the new permit line above, remove the two previous lines below, because the remote tunnel's permit might only expect traffic from this IP alone: 200.200.200.200. You may check with them which IP addresses are being permitted on the remote tunnel.


access-list 102 permit ip host 172.21.25.11 host 196.x.x.6
access-list 102 permit ip host 172.21.25.12 host 196.x.x.6

 

When done, ping the remote host IP.

 

thanks

Rizwan Rafeek

Hello Rizwan,

Below is my router configuration; I cannot see any tunnel information when checking "show crypto isakmp sa" and "show crypto ipsec sa".

 

Current configuration : 6337 bytes
!
! Last configuration change at 08:23:30 UTC Sun Mar 22 2015 by admin
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname QNT-R1
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
no logging buffered
logging console critical
enable secret 5 $1$V58B$6mH6M/xmQd8W1opi5Yy8k.
enable password 7 14261C1F0D002B2F29213D6C
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!

!
!
!
no ip bootp server
ip domain name global.qanawat-me.com
ip name-server 213.421.201.202
ip name-server 194.29.2.2
login block-for 1 attempts 100 within 1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3619037227
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3619037227
 revocation-check none
 rsakeypair TP-self-signed-3619037227
!
!
crypto pki certificate chain TP-self-signed-3619037227
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363139 30333732 3237301E 170D3134 30313039 31333330
  33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36313930
  33373232 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100DEA7 4AADB4DB D487FCA5 9559D805 E8F17FAC CD7C1B23 9F2AAB23 638F0061
  86BC6CDE C12827DA 82E1FBDE F397A4B3 D6001ABA 6B11B18F 77547B01 1CAF3B3C
  166C8871 20C9A552 C2AF55B4 6999A4FA 39A65D38 26DB3F91 39339E65 BE94A062
  5BFA17CF 56A21D10 83B9478B 4F208E46 3B5B68CE 937AED07 F4C05D52 B7306010
  4BA10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14906486 93C96CC1 E6456551 51E75852 5158F556 96301D06
  03551D0E 04160414 90648693 C96CC1E6 45655151 E7585251 58F55696 300D0609
  2A864886 F70D0101 05050003 81810063 F9C0A08A 5D2B74BC A1AF058F 24A960A0
  C9C6CFE6 8F9D0B17 259B5E66 6738CEC8 1157B697 48F3433F 5EC583CC 59EEC654
  ABD620B6 2B184C1C 260C797D 9EEA9A18 56AC30C0 5038195D CDEDF95C 59D81B1E
  D125C354 87A0E188 73C28B07 46941553 C50586CB 7B2FEACF 99C109E1 0DB46FB9
  C649481E 01A65D97 58AFCFD5 609295
        quit
license udi pid CISCO2911/K9 sn FGL172312FW

license boot module c2900 technology-package securityk9
!
!
username xxxxx privilege 15 password 7 00151D12055F060F01
!
redundancy
!
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key HAN@Qwat!39 address 196.29.171.33
crypto isakmp key Qnt6@v9N123# address 182.72.142.46
!
!
crypto ipsec transform-set QNT_MTN_Sudan esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set QNT_6D_VPN esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto map Qnt_to_6D_India 11 ipsec-isakmp
 description IPSEC Tunnel to 6D India
 set peer 182.72.142.46
 set security-association lifetime seconds 28800
 set transform-set QNT_6D_VPN
 match address 103
!

crypto map Qnt_to_MTNSudan 10 ipsec-isakmp
 ! Incomplete
 description IPSEC Tunnel to MTN Sudan
 set peer 196.29.171.33
 set security-association lifetime seconds 28800
 set transform-set QNT_MTN_Sudan
 match address 102
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 no mop enabled
!
interface GigabitEthernet0/0
 description $ETH-LAN$
 ip address 172.21.25.1 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address 213.42.30.244 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip verify unicast source reachable-via rx allow-default 100
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/2
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/0/0
 no ip address
 no mop enabled
!
interface GigabitEthernet0/0/1
 no ip address
 no mop enabled
!
interface GigabitEthernet0/0/2
 no ip address
 no mop enabled
!
interface GigabitEthernet0/0/3
 no ip address
 no mop enabled
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list ACL-POLICY-NAT interface GigabitEthernet0/1 overload
ip nat inside source static tcp 172.21.25.11 22 interface GigabitEthernet0/1 2204
ip nat inside source static tcp 172.21.25.12 22 interface GigabitEthernet0/1 2205
ip nat inside source static tcp 172.21.25.1 23 interface GigabitEthernet0/1 23
ip nat inside source static tcp 172.21.25.1 80 interface GigabitEthernet0/1 93
ip nat inside source static 172.21.25.11 213.42.30.245
ip route 0.0.0.0 0.0.0.0 213.42.30.241
!
ip access-list extended ACL-POLICY-NAT
 permit ip host 172.21.25.11 host 192.168.14.35
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 103 permit ip host 213.42.30.245 host 192.168.14.35
no cdp run
!
!
snmp-server community qanawat RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
banner motd ^C Property of Qanawat FZ LLC Dubai ^C
!
line con 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line 2
 exec-timeout 15 0
 login authentication local_auth
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 044A05120E25414707
 login authentication local_auth
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

 

-----------------

 

We have also recently updated the Cisco security license; see below:

 

QNT-R1#show license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse
ipbasek9                 no           no          no             yes      no
securityk9               yes          yes         no             yes      yes
uck9                     yes          yes         no             no       yes
datak9                   yes          yes         no             no       yes
gatekeeper               yes          yes         no             no       yes
SSL_VPN                  yes          yes         no             no       yes
ios-ips-update           yes          yes         yes            no       yes
SNASw                    yes          yes         no             no       yes
hseck9                   yes          no          no             no       no
cme-srst                 yes          yes         no             no       yes
WAAS_Express             yes          yes         no             no       yes
UCVideo                  yes          yes         no             no       yes

QNT-R1#

 

Please help me resolve this problem.

 

Best Regards, 

Abdul 

Hello Abdul,


This looks good: access-list 103 permit ip host 213.42.30.245 host 192.168.14.35

You are missing the NAT overload to this specific IP: 213.42.30.245

ip nat inside source list ACL-POLICY-NAT 213.42.30.245 overload


crypto map Qnt_to_MTNSudan 10 ipsec-isakmp
 match address 103

 

You must make sure that the remote tunnel admin permits traffic from this IP address, 213.42.30.245, to access 192.168.14.35, and vice versa, over the tunnel.

 

I am not sure why you want the policy NAT translated to the outside interface's public address; I guess you don't need it.

"ip nat inside source list ACL-POLICY-NAT interface GigabitEthernet0/1 overload" 

 

Thanks

Hello Sir, 

 

I also tried the same previously, but it's not being accepted...

 

QNT-R1(config)# ip nat inside source list ACL-POLICY-NAT 213.42.30.245 overload
                                                         ^
% Invalid input detected at '^' marker.

QNT-R1(config)#

I want to use this VPN for another branch, and I am the only one handling both sides.

 

Hello Abdul,

 

Try this; it should work.


Create a pool (for a single public address the start and end of the pool are the same IP, and the netmask is the WAN subnet's mask).
ip nat pool abdul-pool 213.42.30.245 213.42.30.245 netmask 255.255.255.248

 

ip nat inside source list ACL-POLICY-NAT pool abdul-pool overload

 

You don't need this nat below, so please remove it.

"ip nat inside source list ACL-POLICY-NAT interface GigabitEthernet0/1 overload"

 

Below is how your config should look when finished.


!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key password address 1.1.1.1
!
!
crypto ipsec transform-set aes256-sha-hmac esp-aes 256 esp-sha-hmac
crypto ipsec transform-set aes256-sha2-hmac esp-aes 256 esp-sha256-hmac
!
crypto map crypto_public 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set aes256-sha-hmac
 match address acl-crypto-test
!
!

!
interface GigabitEthernet1/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 negotiation auto

!
interface GigabitEthernet3/0
 ip address 74.122.146.237 255.255.255.0
 ip mtu 1424
 ip nat outside
 ip virtual-reassembly
 negotiation auto
 crypto map crypto_public

!
!
ip nat pool test_pool 74.122.146.67 74.122.146.67 netmask 255.255.255.0
ip nat inside source list ACL-POLICY-NAT pool test_pool overload
!
ip access-list extended ACL-POLICY-NAT
 permit ip host 172.16.1.10 host 1.1.1.2
ip access-list extended acl-crypto-test
 permit ip host 74.122.146.67 host 1.1.1.2


!


I hope this resolves your issue.
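Both of Rizwan's replies (policy NAT to the public address, then a crypto ACL entry for that translated address) rest on one IOS behaviour: for inside-to-outside traffic the router applies NAT before it matches the crypto map, so the local encryption domain has to name the post-NAT public address, not the private host. The script below is an added example, not code from this thread or from Cisco. It parses two constructed config fragments built from the thread's own addresses and names (a trimmed version of the configuration as posted, and the fix proposed above) and reports when a policy-NAT'd source is absent from the crypto ACL, when a crypto map references an ACL that does not exist, and when a crypto map is bound to no interface (which is one reason `show crypto isakmp sa` stays empty). The parser only understands the handful of command forms used in the thread.

```python
# Added example (not from the thread or from Cisco): on IOS, inside-to-outside
# traffic is NAT-translated before the crypto map is matched, so a policy-NAT'd
# host must appear in the crypto ACL under its translated public address.
import re

# Constructed: the config as posted (NAT to the interface address, crypto map
# pointing at an ACL that does not exist, crypto map bound to no interface).
BROKEN_CFG = """\
interface GigabitEthernet0/1
 ip address 213.42.30.244 255.255.255.248
 ip nat outside
crypto map Qnt_to_MTNSudan 10 ipsec-isakmp
 set peer 196.29.171.33
 match address 102
ip nat inside source list ACL-POLICY-NAT interface GigabitEthernet0/1 overload
ip access-list extended ACL-POLICY-NAT
 permit ip host 172.21.25.11 host 192.168.14.35
access-list 103 permit ip host 213.42.30.245 host 192.168.14.35
"""

# Constructed: the fix proposed in the thread (one-address pool, crypto map
# matching ACL 103 and applied to the WAN interface).
FIXED_CFG = """\
interface GigabitEthernet0/1
 ip address 213.42.30.244 255.255.255.248
 ip nat outside
 crypto map Qnt_to_MTNSudan
crypto map Qnt_to_MTNSudan 10 ipsec-isakmp
 set peer 196.29.171.33
 match address 103
ip nat pool abdul-pool 213.42.30.245 213.42.30.245 netmask 255.255.255.248
ip nat inside source list ACL-POLICY-NAT pool abdul-pool overload
ip access-list extended ACL-POLICY-NAT
 permit ip host 172.21.25.11 host 192.168.14.35
access-list 103 permit ip host 213.42.30.245 host 192.168.14.35
"""

HOST_PAIR = r"permit ip host (\S+) host (\S+)"

def parse(cfg):
    """Extract ACL host pairs, crypto maps, interface bindings, pools and NAT rules."""
    acls, maps, bound, intf_ip, pools, nat = {}, {}, set(), {}, {}, []
    kind, name = None, None  # indented block we are currently inside
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):  # top-level command, may open a block
            kind, name = None, None
            if m := re.match(r"interface (\S+)$", line):
                kind, name = "intf", m.group(1)
            elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line):
                kind, name = "map", m.group(1)
                maps.setdefault(name, {})
            elif m := re.match(r"ip access-list extended (\S+)", line):
                kind, name = "acl", m.group(1)
                acls.setdefault(name, [])
            elif m := re.match(r"access-list (\d+) " + HOST_PAIR, line):
                acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+)", line):
                pools[m.group(1)] = (m.group(2), m.group(3))  # (start, end)
            elif m := re.match(r"ip nat inside source list (\S+) (pool|interface) (\S+) overload", line):
                nat.append((m.group(1), m.group(2), m.group(3)))
        elif kind == "intf":
            if m := re.match(r"ip address (\S+)", line):
                intf_ip[name] = m.group(1)
            elif m := re.match(r"crypto map (\S+)$", line):
                bound.add(m.group(1))
        elif kind == "map":
            if m := re.match(r"match address (\S+)", line):
                maps[name]["acl"] = m.group(1)
        elif kind == "acl":
            if m := re.match(HOST_PAIR, line):
                acls[name].append((m.group(1), m.group(2)))
    return dict(acls=acls, maps=maps, bound=bound, intf_ip=intf_ip, pools=pools, nat=nat)

def check(cfg):
    """Return findings; an empty list means NAT and the crypto ACL agree."""
    c, findings = parse(cfg), []
    for name, m in c["maps"].items():
        if name not in c["bound"]:
            findings.append(f"crypto map {name} is applied to no interface, so it never negotiates")
        if m.get("acl") not in c["acls"]:
            findings.append(f"crypto map {name} references ACL {m.get('acl')}, which does not exist")
    # every (src, dst) pair that some crypto map would encrypt
    crypto_pairs = {p for m in c["maps"].values() for p in c["acls"].get(m.get("acl"), [])}
    for acl, kind, target in c["nat"]:
        if kind == "pool":
            start, end = c["pools"].get(target, (None, None))
            if start != end:  # a single public IP needs start == end
                findings.append(f"pool {target} spans {start}-{end}; one public IP needs start == end")
            translated = start
        else:
            translated = c["intf_ip"].get(target)
        for src, dst in c["acls"].get(acl, []):
            if (translated, dst) not in crypto_pairs:
                findings.append(f"{src}->{dst} leaves NAT as {translated}->{dst}, "
                                f"but no crypto ACL entry matches that")
    return findings
```

Running `check(BROKEN_CFG)` reports three findings: the crypto map is bound to no interface, ACL 102 does not exist, and the policy-NAT'd host leaves NAT as 213.42.30.244 (the interface address), which no crypto ACL covers even though ACL 103 names 213.42.30.245. `check(FIXED_CFG)` returns an empty list. Since both peers must agree on the encryption domain, the same pair (213.42.30.245, 192.168.14.35) must be mirrored on the remote side, as Rizwan notes.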

 
