Solved: IPSEC not working

himanshudwivedi · ‎12-08-2021

I have configured IPSEC between two routers, when I am generating traffic from PC1 to PC2 getting RTO and vice versa, and Show Crypto Session is showing UP-IDLE. Can any one help me in this regard.

Please find the below topology and configuration files

MHM Cisco World · ‎12-08-2021

as cisco suggest it is discourage.

View solution in original post

Rob Ingram · ‎12-08-2021

@himanshudwivedi please generate traffic by pinging PC2 when connected from PC1. Then provide the output of "show crypto isakmp sa" and "show crypto ipsec sa" from both routers.

himanshudwivedi · ‎12-08-2021

I have ping from Pc1 to PC 2 and vice versa, but not working... I have attached the required output in attachment.

Show crypto ipsec sa is showing Send Errors

MHM Cisco World · ‎12-08-2021

change the ACL of IPSec,
1- permit 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 <-in R1
permit 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 <-in R2
2-no need any
3-no need deny at the end

himanshudwivedi · ‎12-08-2021

Yes it worked, but I want to know the reason why it is not working on ANY..

If in case there are more that 1 subnet is R2 and I am not aware of subnet in R2 and vice versa, in that case I used ANY, why it will not work.

MHM Cisco World · ‎12-08-2021

as cisco suggest it is discourage.