06-27-2017 03:45 AM - edited 02-21-2020 09:20 PM
Please help!! I am currently trying to install a C819G router that needs to build an IPSEC tunnel with a private IP. When I do a sh crypto IPSEC sa and do a debug, it is automatically trying to build using port 500. I know it needs to be port 4500, but I don't know how to force it to. There is no NAT list on my router as I am getting my IP via DHCP.
06-27-2017 03:55 AM
crypto
Secondly, make sure the other router ahead of this device is doing one to one nat for this IP.
As long as
If this does not help, can you please share complete debugs (do sanitize the IPs accordingly) where we see only UDP 500 communication?
Regards
Dinesh Moudgil
P.S. Please rate helpful posts.
06-27-2017 07:31 AM
So I think it's something happening at our ISP blocking the traffic. I was running the sh crypto ipsec sa command, when I should have been doing the sh crypto ikev2 sa command. When doing the debug I see the traffic trying to pass, but it doesn't look like the return traffic is making it. My distant end is seeing me hit their router, but my debug is showing the error as "IKEV2-ERROR:(SESSION ID = 1,SA ID = 1):: Maximum number of retransmissions reached" and "IKEV2-ERROR:(SESSION ID = 1,SA ID = 1):: Auth exchange failed"...
06-27-2017 08:35 AM
If you do see retransmission, then it could very well mean that we are trying to send the request but we are not getting any reply.
You might want to take Embedded Packet
Regards
Dinesh Moudgil
P.S. Please rate helpful posts.
06-28-2017 03:44 AM
Issue resolved. Our ISP, although allowing our traffic and the applicable ports, had their FW in IPS mode and changed it to IDS. Once that was done the tunnel came up. Not sure why their FW in IPS didn't allow the tunnel to come up even though the rule was put in correctly. Anyway, the issue was found. Thank you for your assistance.
KC