I'm building multiple IPSec VPNs over cellular networks using a Cradlepoint IBR650 on either end. On the head end is the 867VAE-K9 behind one of these Cradlepoints terminating one end of every tunnel and each other end is another Cradlepoint terminating the other end. Currently, I'm trying to get one of these tunnels up and so far it has been a challenge. I've managed to get what looks like to be IKE Phase 1 and 2 both at the complete stage and my show commands are showing UP-ACTIVE for Crypto Session and QM IDLE ACTIVE for Crypto ISAKMP SA yet I can't seem to ping the machine on the other end. Can anyone give me their thoughts or requests?
Sorry for not getting back to you earlier. I had this set up to email me when I had a reply, but that didn't seem to work. All counters stay at 0. Looks as though it's not leaving the Cisco router.
I've included my run output and ipsec sa output for inspection. Is there anything else you or anyone else would like to see?
(Attachments removed as new attachments provided in later post.)
Update... (Rev 2)
From the machine hooked up to the Cisco router, I can ping the LAN gateway address across the VPN on the Cradlepoint, but cannot ping the machine address inside the Cradlepoint LAN. When pinging the Cradlepoint LAN gateway, the ipsec sa output shows all the "encap", "encrypt", "digest", "decap", "decrypt", and "verify" counters counting up, but only "encap", "encrypt", and "digest" continue counting when I ping the machine inside the Cradlepoint LAN.
From the machine hooked up to the Cradlepoint, I can ping the LAN gateway address across the VPN on the Cisco router, but cannot ping the machine address inside the Cisco router LAN. When pinging the Cisco router LAN gateway, the ipsec sa output shows all the counters counting, but only the "decap", "decrypt", and "verify" continue counting when pinging into machine inside the Cisco router LAN.
Do you have any suggestions?
Included are my new run and ipsec sa outputs as I have been changing things and trying to look at things at a different angle if you would like to look.
Looks like my issue was simply the Windows firewall as it put the network I was connected to into the "Public" domain. Shut down the firewall and pings all around.