Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
100
Views
0
Helpful
3
Replies

IPSec Virtual Tunnel Interface Behind NAT

sahmadhashmi
Level 1
Level 1

‎07-17-2024 08:17 AM

Topology

sahmadhashmi_1-1721228688219.png

Problem Description

I have a topology on eve-ng in which I have 3 CSRv and 1 ISRv routers, In that topology I created a IPSEC tunnel over VTI. The problem I'm facing is that the tunnel interface on the router which is on side 1 is down (Protocol is down but status is UP) however the tunnel interface on the router which is on side 2 is UP (Line Protocol is UP) Also, I'm doing NAT on the Edge_R1 router on side1

Please help me to understand why the IPsec is not coming UP and the tunnel interface on side 1.

I'm attaching the configuration script of the routers.

 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎07-17-2024 08:23 AM

What IKE v1 you use ?

Share config if you can both vti side 

MHM

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎07-17-2024 04:03 PM

Pos the configuration and make sure your NAT working for requirement.

For IPSEC, you need to open / forward / PAT the following:

  • UDP 500
  • UDP 4500
  • ESP

enable debug and check 

I'm attaching the configuration script of the routers.

attach the configuration of all devices.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

ccieexpert
Level 1
Level 1

‎07-17-2024 11:25 PM

run the debugs as listed in this link:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html

that should give you an idea.. or attach the config.

0 Helpful
Customers Also Viewed These Support Documents