Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1092
Views
0
Helpful
1
Replies

Cisco 7100 VPN Router to Vigor Draytek 2820 VPN Router

thstagman
Level 1
Level 1

‎04-20-2011 12:17 AM

Hi

I have a bit of a strange one here ..

I have managed to get the tunnel up and working and we are sending data via the tunnel from our Cisco VPN router to the Draytek and onto the clients server. (they , the client, have acknowledged that they are recieving and sending packets back to us).

But, we never see any returning packets at our VPN tunnel endpoint. When we send I see the  encrypted packet count go up , but the packet decrypt remains at zero, this is using show crypto ipsec sa | begin  x.x.x.x.

We do have other working VPN solutions, but this is the first connecting to a Draytek.  The ACL's are matching, and they have NAT turned off. The routing is fine or else the tunnel would not come up as are all the tunnel parameters, else our packets would not arrive at their server.

I just cannot fathom out why we are not seeing any return packets ....

They say they have a route back to us .....

Anyone come across a similar problem like this ?

thanks

Mike

Labels:
0 Helpful
1 Reply 1

barry
Level 7
Level 7

‎04-20-2011 02:08 AM

Hi Mike

Complete stab in the dark here, but have you enabled PFS on the 7100..? I've seen issues similar to this where PFS is configured.

Failing that, you may need to run some debugs - specifically "debug crypto ipsec" options to attempt to work out why the packets aren't being decrypted.

Barry

0 Helpful
Customers Also Viewed These Support Documents