cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1124
Views
0
Helpful
2
Replies

ipsec and vlan interface

Hi . help me with tips please. I have an Ipsec vpn established between 2 routers cisco 881 :

sho crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst src state conn-id status

192.168.15.1 192.168.15.2 QM_IDLE 2001 ACTIVE

L_R#sho crypto engine conn active

Crypto Engine Connections

ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address

3 IPsec DES+MD5 0 133 133 192.168.15.2

4 IPsec DES+MD5 101 0 0 192.168.15.2

5 IPsec DES+MD5 0 8 8 192.168.15.2

6 IPsec DES+MD5 8 0 0 192.168.15.2

2001 IKE MD5+DES 0 0 0 192.168.15.2


2 compyuters connected behind of each router PC_A-RouterA-RouterB-PC_B. PC A (172.16.2.2/24) can tracert/ping PC B(192.168.20.4) , but PC B tracert only till routerA wan interface .. the configs are the same just mirror .. i can't find out why ping/tracert doesn't reach vlan interface to which is PC_A connected..

configs of the 2 routers is attached in zip file

2 Replies 2

Edison Ortiz
Hall of Fame
Hall of Fame

Configs look fine.

I recommend cleaning the IPSEC ACL a little bit but it shouldn't be causing this problem.

It seems the PC_A has incorrect default gateway configuration or FW is enabled.

Regards,

Edison

thank u for reply . i checked- firewal is off on both PC_A 172.16.2.2/24 GW 172.16.2.192 (nt vlan 20)

router_B:interface Vlan20

ip address 192.168.20.1 255.255.255.240

ip nat inside

ip virtual-reassembly

and PC_B 192.168.20.4/28 , as u see here default GW is correct

router_A: interface Vlan20

ip address 172.16.2.192 255.255.255.0

ip nat inside

ip virtual-reassembly

also when i do tracert from PC_B (192.168.20.4) to 172.16.2.192- fine (2 hops 192.168.20.1 and then 172.16.2.192)

when i do tracert from PC_B (192.168.20.4) to 172.16.2.2 (PC_A) - 1 hop 192.168.20.1 then 2 hop 192.168.15.2 (WAN of router_A) and then request timed out . somehow packets can't go trough wan interface to interface vlan 20 .

Guys I still need a help please

Review Cisco Networking for a $25 gift card