Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1375
Views
0
Helpful
4
Replies

Cisco Router IKEV2/Ipsec Issue - no ping through the tunnel

christopho
Level 1
Level 1

‎09-06-2023 12:35 AM

Hello community,

we have a problem with a single ikev2 tunnel on our cisco routers.
We have five tunnels in place which are working fine and only one new tunnel is not working as excpected. 

What do we have?
Cisco 4331 - IOSXE 17.06.03a - ISP German Telekom
Cisco 896 - IOS 15.8(3)M9 - ISP German Telekom

What is the issue?
No ping between the two tunnel interface ip's and no traffic through the tunnel

What configurations we have in place?
please find attached everything

Troubleshooting log
please find attached what we have seen so far

Can anyone give us a suggestion what could be the issue in this case?

Many Thanks.

Best regards,

Chris

 

Labels:
Preview file
4 KB
Preview file
4 KB
Preview file
1 KB
Preview file
2 KB
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎09-06-2023 01:10 AM

@christopho I can see that both routers are encrypting traffic, but nothing is being decrypted.

Using this is a NAT or a routing issue.

As this a route based VPN, do you have the static routes of routing protocol configured?

0 Helpful

christopho
Level 1
Level 1
In response to Rob Ingram

‎09-06-2023 01:29 AM

Hi Rob, 

thanks for your quick response. We use BGP for all the other tunnels and we want to use it here also. 
Router BGP is in place but comes also not up, because there is not flowing anything through the tunnel. 

Can we disable the router bgp and try it with a route like 
ip route 192.168.69.0 255.255.255.0 tunnel 0 on C896 and
ip route 192.168.69.0 255.255.255.0 tunnel 7 on C4331 ?

0 Helpful

Rob Ingram
VIP
VIP
In response to christopho

‎09-06-2023 01:58 AM

@christopho can you not ping between the 2 tunnel IP addresses (192.168.69.1 and .2)?

Is NAT configured that usually causes issues.

0 Helpful

christopho
Level 1
Level 1
In response to Rob Ingram

‎09-06-2023 02:10 AM - edited ‎09-06-2023 02:14 AM

 2023-09-06 11_12_23-87.140.42.250.png2023-09-06 11_11_16-192.168.1.254.png


@Rob Ingram no i can not ping between 192.168.69.1 and .2. 

Both sides have as tunnel source the public IP or the interface where the public ip is attached to. 
So there should be no firewall and no NAT in between.

On both sides we have the following:

C4331
ip nat inside source route-map VDSL interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
C896
ip nat inside source route-map VDSLV-nat interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1

So thats why i dont know what to do?! Also the Provider is the same on both ends.

0 Helpful
Customers Also Viewed These Support Documents