431 Views, 0 Helpful, 0 Replies

No data through VPN tunnel

Nils Storm (Level 1)

Hi forum,

I am trying to set up a VPN tunnel from Apple clients (OS X 10.10 and iOS 8) to my ISR1941 router. The tunnel prompts me for the login credentials, and the client gets an IP from the VPN pool, but there is no traffic going through the tunnel. What am I doing wrong?


Complete router config:

Router1941#sh run
Building configuration...

Current configuration : 25149 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router1941
!
boot-start-marker
boot system flash0:c1900-universalk9-mz.SPA.152-4.M6a.bin
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login VPN-USER-AUTH local
aaa authorization network VPN-USER-GROUP local 
!
!
!
!
!
aaa session-id common
clock timezone Berlin 1 0
clock summer-time Berlin recurring
!
ip cef
!
!
ip dhcp pool 16
 import all
 network 176.16.2.0 255.255.255.0
 dns-server 176.16.2.1 
 netbios-name-server 176.16.2.1 
 default-router 176.16.2.1 
 netbios-node-type h-node
 domain-name DOMAIN.local
!
ip dhcp pool Supermicro-Atom-IPMI
..
!
ip dhcp pool FreeNAS-DMZ-LAN1
..
!
!
!
ip dhcp snooping vlan 2
ip domain round-robin
ip domain name DOMAIN.local
ip host DOMAIN.local ns ns.DOMAIN.local
ip host owncloud.DOMAIN.com 176.16.2.13
ip host Nilss-MacBook-Pro.DOMAIN.home.com 192.168.11.31
ip host freenas-dmz.DOMAIN.local 176.16.2.12
ip host freenas.DOMAIN.local 192.168.11.10
ip host Switch3560-1.DOMAIN.local 192.168.11.1
ip host superdoctor.DOMAIN.local 176.16.2.210
ip host Router1941.DOMAIN.local 192.168.250.1
ip host fritz.box 192.168.178.1
ip host ns.DOMAIN.local 192.168.250.1
ip host remote.DOMAIN.com 176.16.2.12
ip host owncloud.DOMAIN.local 176.16.2.13
ip name-server 8.8.8.8
ip name-server 213.73.91.35
ip name-server 208.67.220.220
ip ddns update method dyndns
 HTTP
  add https://..
  remove https://..
 interval maximum 1 0 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!         
crypto pki trustpoint TP-self-signed-3772950798
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3772950798
 revocation-check none
 rsakeypair TP-self-signed-3772950798
!
crypto pki trustpoint DigiCertHighAssuranceC3
 enrollment terminal pem
 revocation-check none
!
!
crypto pki certificate chain TP-self-signed-3772950798
 certificate self-signed 01
  3082022B ..
      quit
crypto pki certificate chain DigiCertHighAssuranceC3
 certificate ca ..
      quit
license udi pid CISCO1941/K9 …
license accept end user agreement
license boot module c1900 technology-package datak9
hw-module ism 0
!
!         
!
vtp mode transparent
username USERNAME1 privilege 15 password 7 PASSWORD
username USERNAME2 password 7 PASSWORD
username USERNAME3 password 7 PASSWORD
!
redundancy
!
!
!
!
!
vlan 2 
!
ip ssh authentication-retries 5
ip ssh version 2
!
class-map match-any QOS-TELNET-TRAFFIC
 match protocol telnet
class-map match-any QOS-RTSP-TRAFFIC
 match protocol rtsp
class-map type inspect match-any SSH-TELNET-TRAFFIC
 match protocol ssh
 match protocol telnet
class-map match-any QOS-CHAT-TRAFFIC
 match protocol aol-messenger
 match protocol irc
 match protocol irc-serv
 match protocol secure-irc
 match protocol msn-messenger
 match protocol yahoo-messenger
class-map type inspect match-any FTP-TRAFFIC
 match protocol ftp
class-map type inspect sip match-any SIP-VIOLATION
 match protocol-violation
class-map type inspect match-any SIP-TRAFFIC
 match access-group 110
class-map type inspect match-any NTP-TRAFFIC
 match protocol ntp
class-map type inspect match-any EMAIL-TRAFFIC
 match protocol pop3
 match protocol pop3s
 match protocol smtp
 match protocol imap
 match protocol imap3
 match protocol imaps
class-map type inspect match-any IPSec-TRAFFIC
  description For IPSec 
 match protocol isakmp
 match protocol ipsec-msft
class-map type inspect match-any WEB-TRAFFIC
 match protocol http
class-map type inspect match-all STARCRAFT-PORTS
 match access-group 190
class-map match-any QOS-P2P-TRAFFIC
 match protocol bittorrent
class-map type inspect match-any MISCELLANEOUS-TRAFFIC
 match protocol tftp
class-map match-any INTERACTIVE-VIDEO
 match dscp cs5 
 match dscp cs4 
class-map match-any NETWORK-CONTROL
 match dscp cs6 
 match dscp cs2 
class-map match-any CRITICAL-DATA
 match dscp af41  af42  af43 
 match dscp af21  af22  af23 
 match dscp af11  af12  af13 
class-map type inspect match-any DNS-TRAFFIC
 match protocol dns
class-map type inspect match-any MSRPC-TRAFFIC
 match protocol msrpc
class-map match-any QOS-BONJOUR-TRAFFIC
 match protocol asip-webadmin
 match protocol net-assistant
class-map match-any QOS-FTP-TRAFFIC
 match protocol ftp
 match protocol ftp-data
 match protocol ftps-data
 match protocol secure-ftp
class-map type inspect match-any ROUTER-TO-OUTSIDE
  description Permit router-generated traffic out
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map match-any QOS-SSH-TRAFFIC
 match protocol ssh
class-map type inspect match-any WEB-SEC-TRAFFIC
 match protocol https
class-map match-any QOS-EIGRP-TRAFFIC
 match protocol eigrp
class-map match-any QOS-SIP-TRAFFIC
 match protocol sip
class-map match-any QOS-EMAIL-TRAFFIC
 match protocol pop3
 match protocol secure-pop3
 match protocol smtp
 match protocol imap
 match protocol secure-imap
class-map match-any QOS-IPSec-TRAFFIC
 match protocol ipsec
 match protocol isakmp
class-map type inspect match-any VPN-TO-self
 match access-group 180
class-map match-any QOS-WEB-TRAFFIC
 match protocol http
 match protocol secure-http
class-map type inspect match-any NETZWERK-MANAGEMENT-TRAFFIC
 match protocol router
class-map type inspect match-all iTUNES-TRAFFIC
 match access-group 170
class-map match-any QOS-MISCELLANEOUS-TRAFFIC
 match protocol ntp
 match protocol dns
 match protocol icmp
 match protocol tftp
class-map type inspect match-any P2P-TRAFFIC
 match protocol bittorrent
class-map match-any QOS-SKYPE-TRAFFIC
 match protocol skype
class-map match-any QOS-RTP-TRAFFIC
 match protocol rtp
class-map match-all VOICE
 match dscp ef 
class-map type inspect match-any FTP-SEC-TRAFFIC
 match protocol ftps
class-map match-all SCAVENGER
 match dscp cs1 
class-map match-all SIGNALING
 match dscp cs3 
class-map type inspect match-any RTSP-TRAFFIC
 match protocol rtsp
class-map type inspect match-any DYNDNS-TRAFFIC
 match protocol ddns-v3
class-map type inspect match-any ICMP-TRAFFIC
 match protocol icmp
class-map match-any QOS-REMOTE-DESKTOP-TRAFFIC
 match protocol vnc
class-map match-all MULTIMEDIA-STREAMING
 match dscp af31  af32  af33 
class-map type inspect match-any STUN-TRAFFIC
 match protocol stun
class-map type inspect match-all JAVA-TRAFFIC
 match access-group 150
class-map match-any QOS-QUICK-TIME-TRAFFIC
 match protocol appleqtc
 match protocol appleqtcsrvr
class-map type inspect match-any CHAT-TRAFFIC
 match protocol icq
 match protocol aol
 match protocol irc
 match protocol irc-serv
 match protocol ircs
 match protocol msnmsgr
 match protocol ymsgr
 match access-group 185
!
policy-map type inspect LAN-TO-DMZ
 class type inspect RTSP-TRAFFIC
  inspect 
 class type inspect IPSec-TRAFFIC
  inspect 
 class type inspect ICMP-TRAFFIC
  inspect 
 class type inspect NETZWERK-MANAGEMENT-TRAFFIC
  inspect 
 class type inspect WEB-SEC-TRAFFIC
  inspect 
 class type inspect WEB-TRAFFIC
  inspect 
 class type inspect CHAT-TRAFFIC
  inspect 
 class type inspect EMAIL-TRAFFIC
  inspect 
 class type inspect MISCELLANEOUS-TRAFFIC
  inspect 
 class type inspect FTP-TRAFFIC
  inspect 
 class type inspect FTP-SEC-TRAFFIC
  inspect 
 class type inspect P2P-TRAFFIC
  inspect 
 class type inspect SSH-TELNET-TRAFFIC
  inspect 
 class type inspect JAVA-TRAFFIC
  inspect 
 class class-default
  pass
policy-map WAN-EDGE-8-CLASS
 class VOICE
  priority percent 10
 class INTERACTIVE-VIDEO
  priority percent 23
 class NETWORK-CONTROL
  bandwidth percent 5 
 class SIGNALING
  bandwidth percent 2 
 class MULTIMEDIA-STREAMING
  bandwidth percent 10 
  fair-queue
  random-detect dscp-based
  random-detect dscp 26 50 64
  random-detect dscp 28 45 64
  random-detect dscp 30 40 64
 class CRITICAL-DATA
  bandwidth percent 24 
  fair-queue
  random-detect dscp-based
  random-detect dscp 10 50 64
  random-detect dscp 12 45 64
  random-detect dscp 14 40 64
  random-detect dscp 18 50 64
  random-detect dscp 20 45 64
  random-detect dscp 22 40 64
  random-detect dscp 34 50 64
  random-detect dscp 36 45 64
  random-detect dscp 38 40 64
 class SCAVENGER
  bandwidth percent 1 
 class class-default
  bandwidth percent 25 
  fair-queue
  queue-limit 128 packets
  random-detect dscp-based
  random-detect dscp 0 100 128
policy-map QOS-OUT-SHAPER
 class class-default
  shape average 25000000
   service-policy WAN-EDGE-8-CLASS
policy-map type inspect LAN-TO-WAN
 class type inspect RTSP-TRAFFIC
  inspect 
 class type inspect IPSec-TRAFFIC
  inspect 
 class type inspect ICMP-TRAFFIC
  inspect 
 class type inspect NETZWERK-MANAGEMENT-TRAFFIC
  inspect 
 class type inspect WEB-SEC-TRAFFIC
  inspect 
 class type inspect WEB-TRAFFIC
  inspect 
 class type inspect CHAT-TRAFFIC
  inspect 
 class type inspect EMAIL-TRAFFIC
  inspect 
 class type inspect MISCELLANEOUS-TRAFFIC
  inspect 
 class type inspect FTP-TRAFFIC
  inspect 
 class type inspect FTP-SEC-TRAFFIC
  inspect 
 class type inspect P2P-TRAFFIC
  inspect 
 class type inspect SSH-TELNET-TRAFFIC
  inspect 
 class type inspect NTP-TRAFFIC
  inspect 
 class type inspect DNS-TRAFFIC
  inspect 
 class type inspect STARCRAFT-PORTS
  inspect 
 class type inspect MSRPC-TRAFFIC
  inspect 
 class type inspect STUN-TRAFFIC
  inspect 
 class type inspect iTUNES-TRAFFIC
  inspect 
 class type inspect SIP-TRAFFIC
  inspect 
 class type inspect JAVA-TRAFFIC
  inspect 
 class class-default
  pass
policy-map type inspect WAN-TO-LAN
 class type inspect NTP-TRAFFIC
  inspect 
 class type inspect SIP-TRAFFIC
  inspect 
 class type inspect STUN-TRAFFIC
  inspect 
 class class-default
  drop log
policy-map type inspect DMZ-TO-LAN
 class class-default
  drop log
policy-map type inspect WAN-TO-DMZ
 class type inspect WEB-SEC-TRAFFIC
  inspect 
 class type inspect FTP-TRAFFIC
  inspect 
 class type inspect FTP-SEC-TRAFFIC
  inspect 
 class type inspect NTP-TRAFFIC
  inspect 
 class class-default
  drop log
policy-map type inspect WAN-TO-self
 class type inspect SSH-TELNET-TRAFFIC
  drop log
 class type inspect IPSec-TRAFFIC
  pass
 class type inspect VPN-TO-self
  inspect 
 class class-default
  pass log
policy-map type inspect sip SIP-VIOLATION-PASS
 class type inspect sip SIP-VIOLATION
  allow
  log
policy-map type inspect self-TO-WAN
 class type inspect ROUTER-TO-OUTSIDE
  inspect 
 class class-default
  drop log
policy-map type inspect DMZ-TO-WAN
 class type inspect WEB-SEC-TRAFFIC
  inspect 
 class type inspect WEB-TRAFFIC
  inspect 
 class type inspect EMAIL-TRAFFIC
  inspect 
 class type inspect MISCELLANEOUS-TRAFFIC
  inspect 
 class type inspect FTP-TRAFFIC
  inspect 
 class type inspect FTP-SEC-TRAFFIC
  inspect 
 class type inspect DYNDNS-TRAFFIC
  inspect 
 class type inspect NETZWERK-MANAGEMENT-TRAFFIC
  inspect 
 class type inspect ICMP-TRAFFIC
  inspect 
 class type inspect IPSec-TRAFFIC
  inspect 
 class type inspect DNS-TRAFFIC
  inspect 
 class type inspect NTP-TRAFFIC
  inspect 
 class class-default
  pass
policy-map DSCP-MARKING
 class QOS-RTP-TRAFFIC
  set ip dscp ef
 class QOS-EIGRP-TRAFFIC
  set ip dscp cs6
 class QOS-RTSP-TRAFFIC
  set ip dscp cs4
 class QOS-BONJOUR-TRAFFIC
  set ip dscp af42
 class QOS-SIP-TRAFFIC
  set ip dscp cs3
 class QOS-IPSec-TRAFFIC
  set ip dscp af31
 class QOS-WEB-TRAFFIC
  set ip dscp af23
 class QOS-SSH-TRAFFIC
  set ip dscp af31
 class QOS-TELNET-TRAFFIC
  set ip dscp af31
 class QOS-EMAIL-TRAFFIC
  set ip dscp af22
 class QOS-MISCELLANEOUS-TRAFFIC
  set ip dscp cs2
 class QOS-FTP-TRAFFIC
  set ip dscp af13
 class QOS-P2P-TRAFFIC
  set ip dscp af12
 class QOS-SKYPE-TRAFFIC
  set ip dscp cs4
 class QOS-REMOTE-DESKTOP-TRAFFIC
  set ip dscp af31
!
zone security LAN
zone security WAN
zone security DMZ
zone-pair security LAN-TO-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN
zone-pair security LAN-TO-DMZ source LAN destination DMZ
 service-policy type inspect LAN-TO-DMZ
zone-pair security WAN-TO-LAN source WAN destination LAN
 service-policy type inspect WAN-TO-LAN
zone-pair security WAN-TO-DMZ source WAN destination DMZ
 service-policy type inspect WAN-TO-DMZ
zone-pair security self-TO-WAN source self destination WAN
zone-pair security DMZ-TO-self source DMZ destination self
zone-pair security WAN-TO-self source WAN destination self
 service-policy type inspect WAN-TO-self
zone-pair security self-TO-DMZ source self destination DMZ
zone-pair security self-TO-LAN source self destination LAN
zone-pair security LAN-TO-self source LAN destination self
zone-pair security DMZ-TO-LAN source DMZ destination LAN
zone-pair security DMZ-TO-WAN source DMZ destination WAN
 service-policy type inspect DMZ-TO-WAN
zone-pair security LAN-TO-LAN source LAN destination LAN

crypto ctcp 
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN-CLIENT-GROUP
 key PASSWORD
 dns 192.168.250.1
 wins 192.168.250.1
 domain DOMAIN.local
 pool VPN-IP-POOL
 max-users 5
crypto isakmp profile VPN-IKE-PROFILE-1
   match identity group VPN-CLIENT-GROUP
   client authentication list VPN-USER-AUTH
   isakmp authorization list VPN-USER-GROUP
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set VPN-CLIENT-TRANSFORMSET esp-aes esp-sha-hmac 
 mode tunnel
!
crypto ipsec profile VPN-CLIENT-IPSEC-PROFILE
 set transform-set VPN-CLIENT-TRANSFORMSET 
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 description to Switch3560-2 L3
 mtu 9000
 ip address 192.168.250.3 255.255.255.254
 zone-member security LAN
 duplex auto
 speed 1000
 service-policy output WAN-EDGE-8-CLASS
!
interface GigabitEthernet0/1
 description to Switch3560-11 L3
 mtu 9000
 ip address 192.168.250.1 255.255.255.254
 zone-member security LAN
 duplex auto
 speed 1000
 service-policy output WAN-EDGE-8-CLASS
!
interface GigabitEthernet0/0/0
 description to FritzBox
 ip address 192.168.178.10 255.255.255.0
 zone-member security WAN
 duplex auto
 speed auto
 no cdp enable
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
!
interface GigabitEthernet0/1/0
 description To FreeNAS
 switchport access vlan 2
 no ip address
 duplex full
 speed 1000
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
 ip dhcp snooping limit rate 20
!
interface GigabitEthernet0/1/1
 switchport access vlan 2
 no ip address
 duplex full
 speed 1000
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
 ip dhcp snooping limit rate 20
!
interface GigabitEthernet0/1/2
 switchport access vlan 2
 no ip address
 duplex full
 speed 1000
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
 ip dhcp snooping limit rate 20
!
interface GigabitEthernet0/1/3
 switchport access vlan 2
 no ip address
 duplex full
 speed 1000
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
 ip dhcp snooping limit rate 20
!
interface Virtual-Template2 type tunnel
 description Endpoint for VPN Tunnel
 ip address 192.168.51.1 255.255.255.0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-CLIENT-IPSEC-PROFILE
!
interface Vlan1
 no ip address
!
interface Vlan2
 description DMZ Privat VLAN
 ip address 176.16.2.1 255.255.255.0
 zone-member security DMZ
!
interface Dialer1 !(not in use)
...
!
!
router eigrp 1
 default-metric 10000 1 255 1 1500
 network 176.16.2.0 0.0.0.255
 network 192.168.51.0
 network 192.168.100.0
 network 192.168.178.0
 network 192.168.250.0 0.0.0.1
 network 192.168.250.2 0.0.0.1
 redistribute static
!
ip local pool VPN-IP-POOL 192.168.51.30 192.168.51.50
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip dns primary DOMAIN.local soa ns.DOMAIN.local admin.DOMAIN.local 21600 900 7776000 86400
ip route 0.0.0.0 0.0.0.0 192.168.178.1
!
ip access-list extended VPN-CLIENT-ACL
ip access-list extended WAN-TO-DMZ
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq 443
!
access-list 110 permit tcp host 192.168.178.1 host 192.168.21.10 eq 5060
access-list 110 permit udp host 192.168.178.1 host 192.168.21.10 eq 5060
access-list 110 permit tcp host 192.168.21.10 host 192.168.178.1 eq 5060
access-list 110 permit udp host 192.168.21.10 host 192.168.178.1 eq 5060
access-list 110 permit udp host 192.168.178.1 host 192.168.21.10 range 16384 16482
access-list 110 permit udp host 192.168.21.10 host 192.168.178.1 range 16384 16482
access-list 110 permit udp any any eq 5090
access-list 110 permit udp host 192.168.178.1 host 192.168.11.20 range 7078 7110
access-list 110 permit udp host 192.168.1.20 host 192.168.178.1 range 7078 7110
access-list 150 permit tcp any any eq 5900
access-list 150 permit tcp any any eq 623
access-list 160 permit udp any any eq 3478
access-list 160 permit tcp any any eq 3478
access-list 170 permit tcp any any range 7760 9999
access-list 170 permit udp any any range 7760 9999
access-list 180 permit udp any any eq isakmp
access-list 180 permit esp any any
access-list 180 permit udp any any eq non500-isakmp
access-list 180 permit tcp any any eq 10000
access-list 185 permit tcp any any eq 5222
access-list 190 permit tcp any any eq 1119
access-list 190 permit udp any any eq 1119
access-list 190 permit tcp any any eq 1120
access-list 190 permit udp any any eq 1120
access-list 190 permit tcp any any eq 3724
access-list 190 permit udp any any eq 3742
access-list 190 permit tcp any any eq 4000
access-list 190 permit udp any any eq 4000
access-list 190 permit tcp any any range 6112 6114
access-list 190 permit udp any any range 6112 6114
access-list 190 permit tcp any any range 6881 6999
access-list 190 permit udp any any range 6881 6999
!
!
!
!
!
control-plane
!
!
banner login ^C
********************************************************
*                                                      *
*          PRIVAT PROPERTY, DO NOT ENTER               *
*                                                      *
********************************************************
^C
!
line con 0
 password 7 PASSWORD
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 67
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 PASSWORD
 transport input ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 PASSWORD
 transport input none
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0/0
ntp server 192.53.103.104 minpoll 10
ntp server 192.53.103.108 minpoll 10 prefer
!
end

Router1941# 


VPN part of the router config:

aaa new-model
!
!
aaa authentication login VPN-USER-AUTH local
aaa authorization network VPN-USER-GROUP local 
!
username USERNAME1 privilege 15 password 7 PASSWORD1
username USERNAME2 password 7 PASSWORD2
username USERNAME3 password 7 PASSWORD3
!
crypto ctcp 
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN-CLIENT-GROUP
 key PASSWORD
 dns 192.168.250.1
 wins 192.168.250.1
 domain DOMAIN.local
 pool VPN-IP-POOL
 max-users 5
crypto isakmp profile VPN-IKE-PROFILE-1
   match identity group VPN-CLIENT-GROUP
   client authentication list VPN-USER-AUTH
   isakmp authorization list VPN-USER-GROUP
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set VPN-CLIENT-TRANSFORMSET esp-aes esp-sha-hmac 
 mode tunnel
!
crypto ipsec profile VPN-CLIENT-IPSEC-PROFILE
 set transform-set VPN-CLIENT-TRANSFORMSET 
!
!
ip local pool VPN-IP-POOL 192.168.51.30 192.168.51.50
ip forward-protocol nd
!
interface Virtual-Template2 type tunnel
 description Endpoint for VPN Tunnel
 ip address 192.168.51.1 255.255.255.0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-CLIENT-IPSEC-PROFILE


VPN show commands:

Router1941#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
192.168.178.10  192.168.178.20  QM_IDLE          17014 ACTIVE

IPv6 Crypto ISAKMP SA

Router1941#
Router1941#
Router1941#sh cry ipsec sa

interface: Virtual-Access2
    Crypto map tag: Virtual-Access2-head-0, local addr 192.168.178.10

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.51.36/255.255.255.255/0/0)
   current_peer 192.168.178.20 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 192.168.178.10, remote crypto endpt.: 192.168.178.20
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0/0
     current outbound spi: 0x2BC8C96(45911190)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0x305DDD05(811457797)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 6011, flow_id: ISM VPN:11, sibling_flags 80000040, crypto map: Virtual-Access2-head-0
        sa timing: remaining key lifetime (k/sec): (4608000/3511)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x2BC8C96(45911190)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 6012, flow_id: ISM VPN:12, sibling_flags 80000040, crypto map: Virtual-Access2-head-0
        sa timing: remaining key lifetime (k/sec): (4608000/3511)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:
Router1941#


Any ideas what the problem could be?

Thanks.


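The show output above says key exchange is not the problem: the ISAKMP SA sits in QM_IDLE/ACTIVE and both ESP SAs are ACTIVE, yet every packet counter on the IPsec SA is zero, which points at forwarding or firewall policy rather than IKE. As an added example (not the poster's code and not a Cisco tool), here is a small Python checker that parses `show crypto ipsec sa` output and a running-config for the two things a reviewer would look at first in that situation: SAs that are up but have moved no data in either direction, and tunnel-terminating interfaces that carry an IP address but belong to no security zone. On an IOS zone-based firewall, traffic between a zone-member interface and an interface in no zone is dropped, and in the config above Virtual-Template2 has an IP address but no `zone-member security`, while the LAN, WAN and DMZ interfaces do. The sample inputs are excerpts from the post; the function names and the wording of the findings are mine, and the findings are leads to verify, not a confirmed root cause.

```python
"""Added example (not the poster's code, not Cisco tooling): heuristic checks for
an IOS virtual-template IPsec server that sits behind a zone-based firewall.
Inputs are plain text from `show running-config` and `show crypto ipsec sa`."""
import re

# Constructed sample: lines excerpted from the running-config posted above.
SAMPLE_CONFIG = """\
zone security LAN
zone security WAN
zone security DMZ
zone-pair security WAN-TO-self source WAN destination self
 service-policy type inspect WAN-TO-self
interface GigabitEthernet0/0/0
 ip address 192.168.178.10 255.255.255.0
 zone-member security WAN
interface Virtual-Template2 type tunnel
 ip address 192.168.51.1 255.255.255.0
 tunnel mode ipsec ipv4
interface Vlan2
 ip address 176.16.2.1 255.255.255.0
 zone-member security DMZ
"""

# Constructed sample: the SA block from the `sh cry ipsec sa` output posted above.
SAMPLE_IPSEC_SA = """\
interface: Virtual-Access2
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.51.36/255.255.255.255/0/0)
   current_peer 192.168.178.20 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

def parse_blocks(config):
    """Split IOS config into (header, [child lines]); children are the indented lines."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            blocks.append((line.strip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks

def unzoned_l3_interfaces(config):
    """Interfaces that carry an IP address but belong to no security zone.
    Only reported when zones exist: ZBF drops traffic between a zone member
    and an interface that is in no zone, so a zoneless tunnel endpoint
    cannot exchange packets with the zoned LAN, WAN or DMZ interfaces."""
    blocks = parse_blocks(config)
    if not any(h.startswith("zone security ") for h, _ in blocks):
        return []
    return [h.split()[1] for h, children in blocks
            if h.startswith("interface ")
            and any(c.startswith("ip address ") for c in children)
            and not any(c.startswith("zone-member security ") for c in children)]

def _ident(line):
    """Last parenthesised field of an ident line, e.g. '192.168.51.36/255.255.255.255/0/0'."""
    return re.findall(r"\(([^()]*)\)", line)[-1]

def parse_ipsec_sas(text):
    """One dict per SA in `show crypto ipsec sa` output: interface, peer, idents, counters."""
    sas, iface, sa = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface:"):
            iface = line.split(":", 1)[1].strip()
        elif re.match(r"local\s+ident", line):
            sa = {"interface": iface, "local_ident": _ident(line)}
            sas.append(sa)
        elif sa is None:
            continue
        elif line.startswith("remote ident"):
            sa["remote_ident"] = _ident(line)
        elif line.startswith("current_peer"):
            sa["peer"] = line.split()[1]
        elif line.startswith("#pkts encaps"):
            sa["encaps"] = int(re.search(r"encaps:\s*(\d+)", line).group(1))
        elif line.startswith("#pkts decaps"):
            sa["decaps"] = int(re.search(r"decaps:\s*(\d+)", line).group(1))
    return sas

def idle_sas(sas):
    """SAs that are established but have carried no packets in either direction."""
    return [s for s in sas if s.get("encaps", 0) == 0 and s.get("decaps", 0) == 0]

def diagnose(config, ipsec_sa_text):
    """Human-readable findings; each one is a lead to verify, not a confirmed fault."""
    findings = []
    for s in idle_sas(parse_ipsec_sas(ipsec_sa_text)):
        findings.append(f"{s['interface']}: SA with {s['peer']} for {s['remote_ident']} "
                        "is ACTIVE but encaps=0/decaps=0: nothing decrypted from the "
                        "client and nothing sent back")
    for name in unzoned_l3_interfaces(config):
        findings.append(f"{name} has an IP address but no zone-member security; "
                        "ZBF drops traffic between it and any zoned interface")
    return findings
```

Running `diagnose(SAMPLE_CONFIG, SAMPLE_IPSEC_SA)` yields two findings: the idle SA on Virtual-Access2 and the zoneless Virtual-Template2. The `#pkts decaps: 0` counter also means the router has not decrypted a single packet from the client, so the WAN-TO-self policy's treatment of ESP deserves a look alongside the zone membership: access-list 180 (class VPN-TO-self) permits esp and that class's action is inspect, whereas Cisco's guidance for ESP, AH and ISAKMP toward the self zone is the pass action, since inspect is meant for TCP, UDP and ICMP sessions.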