03-24-2009 09:50 AM - edited 02-21-2020 04:11 PM
Dear All,
I was practicing for IPSEC VPN site-to-site, but was not able to see any ipsec sa output.
My network is like R1--R2 from R2 there are 3 different links getting connected to R3, R4, R5 respectively. And all this 3 routers are getting connected to R6 in similar fashion as R2.
Now R1-R2 and loopbacks of R2 are in OSPF area 1. R2, R3, R4, R5, R6 are all in area 0. And loopbacks of R6 are in Area2.
Here due to equal cost path loadbalancing is taking place. Now when I am trying to initiate IPSECVPN from R1 loopback 11 to R6 loopback 60, ISAKMP is coming ON. But IPSEC is not coming UP. I tried to do ping, telnet but I failed to test whether my VPN was working or not. Debug also did not worked for me. Could you please help me.
03-24-2009 09:57 AM
in either side - is there a route in the routing table for the remote end? You will also need to check your "no-nat" to ensure your not natting before encryption
03-25-2009 02:01 AM
Dear Andrew,
I have a route at both ends in my routing table. And there is no nat configred at all in the entire topology.
But still not working.
03-25-2009 02:08 AM
post your configs for review, remove sensitive information.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide