Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2020
Views
0
Helpful
3
Replies

IPSec Tunnel up but cannot ping remote Tunnel IP

Go to solution
mahesh18
Level 6
Level 6

‎12-15-2012 10:27 AM - edited ‎03-07-2019 10:37 AM

Hi everyone,

I have IPSEC  tunnel between 2 devices.

Tunnel is up up from both ends.

No NAT is taking place on these 2 devices.

I can ping the IP across the tunnel but not the tunnel IP.

Is this normal behaviour ?

Here is info

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

192.168.99.2    192.168.99.1    QM_IDLE           2005 ACTIVE

IPv6 Crypto ISAKMP SA

1811w# ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/47/48 ms

1811w#ping 192.168.20.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

1811w#ping 192.168.99.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.99.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

1811w#

Thanks

MAhesh

Labels:
139999-putty1.txt.zip
140000-putty.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎12-15-2012 11:03 AM

Hi Mahesh,

Can you post sh run from both routers?

I provided you my lab IPsec config a couple of weeks ago.  Did you try loading it.

Reza

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎12-15-2012 11:03 AM

Hi Mahesh,

Can you post sh run from both routers?

I provided you my lab IPsec config a couple of weeks ago.  Did you try loading it.

Reza

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎12-15-2012 01:23 PM

Hi Reza,

I did not load that IPSEC which you provided few weeks ago.

I have loaded the sh run from both devices to this under original post.

Thanks

Mahesh

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to mahesh18

‎12-15-2012 02:13 PM

Hi Reza,

I can ping the Tunnel IP now on other side as below

1811w#   sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

192.168.99.2    192.168.99.1    QM_IDLE           2005 ACTIVE

IPv6 Crypto ISAKMP SA

1811w# ping 192.168.99.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.99.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Same issue fixing the ACL  on 3550A  solved my both problems

Regards Again

I know you are always here to help me

Mahesh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card