08-14-2012 01:18 PM - edited 03-04-2019 05:16 PM
Hi . help me with tips please. I have an Ipsec vpn established between 2 routers cisco 881 :
sho crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.15.1 192.168.15.2 QM_IDLE 2001 ACTIVE
L_R#sho crypto engine conn active
Crypto Engine Connections
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
3 IPsec DES+MD5 0 133 133 192.168.15.2
4 IPsec DES+MD5 101 0 0 192.168.15.2
5 IPsec DES+MD5 0 8 8 192.168.15.2
6 IPsec DES+MD5 8 0 0 192.168.15.2
2001 IKE MD5+DES 0 0 0 192.168.15.2
2 compyuters connected behind of each router PC_A-RouterA-RouterB-PC_B. PC A (172.16.2.2/24) can tracert/ping PC B(192.168.20.4) , but PC B tracert only till routerA wan interface .. the configs are the same just mirror .. i can't find out why ping/tracert doesn't reach vlan interface to which is PC_A connected..
configs of the 2 routers is attached in zip file
08-14-2012 02:24 PM
Configs look fine.
I recommend cleaning the IPSEC ACL a little bit but it shouldn't be causing this problem.
It seems the PC_A has incorrect default gateway configuration or FW is enabled.
Regards,
Edison
08-14-2012 03:04 PM
thank u for reply . i checked- firewal is off on both PC_A 172.16.2.2/24 GW 172.16.2.192 (nt vlan 20)
router_B:interface Vlan20
ip address 192.168.20.1 255.255.255.240
ip nat inside
ip virtual-reassembly
and PC_B 192.168.20.4/28 , as u see here default GW is correct
router_A: interface Vlan20
ip address 172.16.2.192 255.255.255.0
ip nat inside
ip virtual-reassembly
also when i do tracert from PC_B (192.168.20.4) to 172.16.2.192- fine (2 hops 192.168.20.1 and then 172.16.2.192)
when i do tracert from PC_B (192.168.20.4) to 172.16.2.2 (PC_A) - 1 hop 192.168.20.1 then 2 hop 192.168.15.2 (WAN of router_A) and then request timed out . somehow packets can't go trough wan interface to interface vlan 20 .
Guys I still need a help please
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide