11-21-2016 07:28 AM - edited 02-21-2020 09:03 PM
Hi All,
We have had a Cisco 2921 on which we have set up IPSec tunnels to our remote sites.
However the Cisco is not passing traffic.
Any assistance would be greatly appreciated.
interface: GigabitEthernet0/0
Crypto map tag: SDM_CMAP_1, local addr 203.x.x.x
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.202.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.203.0/255.255.255.0/0/0)
current_peer 165.x.x.x port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify: 16
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 203.x.x.x, remote crypto endpt.: 165.x.x.x.
plaintext mtu 1350, path mtu 1400, ip mtu 1400, ip mtu idb GigabitEthernet0/0
current outbound spi: 0xCAF32509(3404932361)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0x41CCE040(1103945792)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2661, flow_id: Onboard VPN:661, sibling_flags 80000040, crypto map: SDM_CMAP_1
sa timing: remaining key lifetime (k/sec): (4341587/3541)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCAF32509(3404932361)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2662, flow_id: Onboard VPN:662, sibling_flags 80000040, crypto map: SDM_CMAP_1
sa timing: remaining key lifetime (k/sec): (4341588/3541)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas:
11-21-2016 07:58 AM
Hi sebastianm1,
Can you share the nat config of this router?
Seems like you are receiving traffic and not responding. You can also take a look at the routing to make sure everything is fine.
Hope this info helps!!
Rate if it helps you!!
-JP-
11-21-2016 08:16 AM
Hi JP
Thank you kindly for your quick reply.
I found that there was an extra NAT rule applied that was blocking the traffic.
Removed the rule and it started flowing :)
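
The diagnosis in this thread (decaps counting up while encaps stays at 0) can be checked automatically across many tunnels. The following is an added example, not part of the original thread: a small Python parser for `show crypto ipsec sa` text that flags one-way flows. The function names, the result strings and the sample addresses are assumptions made for the illustration.

```python
import re

# Constructed sample in the thread's output format (documentation addresses).
SAMPLE = """\
   local  ident (addr/mask/prot/port): (192.168.202.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.203.0/255.255.255.0/0/0)
   current_peer 203.0.113.9 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 16, #pkts decrypt: 16, #pkts verify: 16
   local  ident (addr/mask/prot/port): (192.168.202.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.204.0/255.255.255.0/0/0)
   current_peer 203.0.113.20 port 500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
    #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
"""

IDENT = re.compile(r"(local|remote)\s+ident .*?:\s*\(([\d.]+)/([\d.]+)/")
PEER = re.compile(r"current_peer\s+(\S+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per protected flow (local/remote ident pair)."""
    flows = []
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and m.group(1) == "local":  # a 'local ident' line opens a new flow
            flows.append({"encaps": 0, "decaps": 0, "peer": None})
        if not flows:
            continue
        cur = flows[-1]
        if m:
            cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        m = PEER.search(line)
        if m:
            cur["peer"] = m.group(1)
        for name, value in COUNTER.findall(line):
            cur[name] = int(value)
    return flows

def diagnose(flow):
    enc, dec = flow["encaps"], flow["decaps"]
    if dec and not enc:  # the symptom in this thread
        return "rx-only: check NAT exemption and routing on this router"
    if enc and not dec:
        return "tx-only: nothing is returning from the remote peer"
    return "ok" if enc else "idle"

if __name__ == "__main__":
    for f in parse_sas(SAMPLE):
        print(f["local"], "->", f["remote"], "via", f["peer"], ":", diagnose(f))
```
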