07-17-2024 08:17 AM - edited 07-18-2024 03:41 AM
Topology
Problem Description
I have a topology on eve-ng in which I have 3 CSRv and 1 ISRv routers, In that topology I created a IPSEC tunnel over VTI. The problem I'm facing is that the tunnel interface on the router which is on side 1 is down (Protocol is down but status is UP) however the tunnel interface on the router which is on side 2 is UP (Line Protocol is UP) Also, I'm doing NAT on the Edge_R1 router on side1
Please help me to understand why the IPsec is not coming UP and the tunnel interface on side 1.
I'm attaching the configuration script of the routers.
Solved! Go to Solution.
07-18-2024 03:57 AM
first fast review
the tunnel in ISR use tunnel source IP that is not direct connect to router ?
it must use g1
change it and check
MHM
07-17-2024 08:23 AM
What IKE v1 you use ?
Share config if you can both vti side
MHM
07-17-2024 04:03 PM
Pos the configuration and make sure your NAT working for requirement.
For IPSEC, you need to open / forward / PAT the following:
enable debug and check
I'm attaching the configuration script of the routers.
attach the configuration of all devices.
07-17-2024 11:25 PM
run the debugs as listed in this link:
that should give you an idea.. or attach the config.
07-18-2024 03:43 AM - edited 07-18-2024 03:44 AM
07-18-2024 03:57 AM
first fast review
the tunnel in ISR use tunnel source IP that is not direct connect to router ?
it must use g1
change it and check
MHM
07-18-2024 05:35 PM
Thanks MHM, Yes after changing the source as Gig1, Tunnel comes UP and started to work.
Thanks for your help! Appreciated
07-18-2024 05:37 PM - edited 07-18-2024 05:38 PM
Thanks Everyone for your help
07-18-2024 04:14 AM
It sounds like your issue might be related to NAT interfering with the IPsec tunnel establishment. Ensure that NAT traversal (NAT-T) is enabled on both sides of the tunnel. Also, check if your ACLs are correctly configured to allow IPsec traffic through the NAT device.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide