Packet Tracer IPsec issue

chamarag6

Hi All,

I'm trying to configure an IPsec VPN tunnel in Packet Tracer (PT) and it throws the error below. After configuring the VPN, this error comes up when I start the ping test.

chamarag6_0-1683834313836.png

I cannot clear the IPsec VPN because the command doesn't work in PT.

Scenario
I have 3 branches
All connecting to the same ISP

HQ
BR1
BR2
VPN is configured on all the routers

All the Branches connect to HQ (HQ to BR / HQ to BR2), and Branches should be able to ping between branches (BR1 to BR2).

Help will be much appreciated because it's an assignment from my uni and the due date is closing in soon.


Hi

Attach the PT file here; it is easier to help.

Just zip it first.


Hello

Your problem is not with the VPN tunnel. The VPN is actually working fine; your problem is with end-to-end connectivity. Let me show you something. You can check the VPN tunnel with 2 commands:

 

sh crypto ipsec sa - You can see phase 1

sh crypto isakmp sa - You can see phase 2

 

If phase 2 is OK, of course phase 1 will be also.

=======================================================================================

Brranch2#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst src state conn-id slot status

209.165.100.2 223.210.10.2 QM_IDLE 1016 0 ACTIVE

=======================================================================================

R1-HQ#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst src state conn-id slot status

223.225.10.2 209.165.100.2 QM_IDLE 1096 0 ACTIVE

 

223.210.10.2 209.165.100.2 QM_IDLE 1063 0 ACTIVE

=======================================================================================

Branch1#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst src state conn-id slot status

209.165.100.2 223.225.10.2 QM_IDLE 1041 0 ACTIVE

=======================================================================================

 

But your problem is related to connectivity. You need to have connectivity from behind each router in order for the tunnel to come up. And I have found many issues related to connectivity. I will name some:

- PC connected to switch in trunk

- PC connected to the switch with cross-over cable

- Layer 3 not advertising the networks on the OSPF

 

etc.

 

I will add here a file where I fixed some problems. Your file is too complex; it makes it very difficult to troubleshoot.

I would ask you to use the PCs

 

HQADMIN-PC

BR1ADMIN-PC

BR2ADMIN-PC

 

Those PCs, I am sure, can ping each other and therefore bring the tunnel UP. Any other PC or host needs to be verified.

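The three `show crypto isakmp sa` outputs pasted in the reply above can be cross-checked mechanically rather than by eye. The Python script below is an added example, not code from the thread or from Cisco: it parses the IPv4 Crypto ISAKMP SA table (the ISAKMP, i.e. IKE phase 1, SAs) exactly as posted and pairs each SA with its mirror entry on the peer router, so a tunnel that only one side reports, or one not in QM_IDLE / ACTIVE, is flagged. The hostnames are the prompt strings from the post and the addresses are the ones in the outputs; the function names are this example's own.

```python
"""Cross-check `show crypto isakmp sa` output collected from several routers.

Added example: pairs every ISAKMP SA with its mirror on the peer and flags
pairs that are one-sided or not in the QM_IDLE / ACTIVE steady state.
"""
import re
from collections import defaultdict

# Outputs as posted in the thread; keys are the router prompts as posted.
SHOW_ISAKMP = {
    "Brranch2": """\
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
209.165.100.2 223.210.10.2 QM_IDLE 1016 0 ACTIVE
""",
    "R1-HQ": """\
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
223.225.10.2 209.165.100.2 QM_IDLE 1096 0 ACTIVE
223.210.10.2 209.165.100.2 QM_IDLE 1063 0 ACTIVE
""",
    "Branch1": """\
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
209.165.100.2 223.225.10.2 QM_IDLE 1041 0 ACTIVE
""",
}

# One SA row: dst src state conn-id slot status (header lines do not match).
SA_LINE = re.compile(
    r"^(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<state>\S+)\s+(?P<conn_id>\d+)\s+(?P<slot>\d+)\s+(?P<status>\S+)\s*$"
)


def parse_isakmp_sa(text):
    """Return one dict per SA row; header and blank lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = SA_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["conn_id"] = int(row["conn_id"])
            sas.append(row)
    return sas


def healthy(sa):
    """IOS reports a completed phase 1 SA as QM_IDLE with status ACTIVE."""
    return sa["state"] == "QM_IDLE" and sa["status"] == "ACTIVE"


def cross_check(outputs):
    """Group SAs by unordered address pair.

    Returns {frozenset({addr_a, addr_b}): {"ends": set(hostnames), "healthy": bool}}.
    A pair seen from only one router means the far side never negotiated
    (or its output was not collected) and needs a closer look.
    """
    pairs = defaultdict(lambda: {"ends": set(), "healthy": True})
    for host, text in outputs.items():
        for sa in parse_isakmp_sa(text):
            key = frozenset((sa["src"], sa["dst"]))
            pairs[key]["ends"].add(host)
            pairs[key]["healthy"] &= healthy(sa)
    return dict(pairs)


def report(outputs):
    """One human-readable line per address pair, verdict OK or CHECK."""
    lines = []
    for key, info in sorted(cross_check(outputs).items(), key=lambda kv: sorted(kv[0])):
        a, b = sorted(key)
        both_ends = len(info["ends"]) == 2
        verdict = "OK" if both_ends and info["healthy"] else "CHECK"
        lines.append(f"{a} <-> {b}: seen on {sorted(info['ends'])} -> {verdict}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SHOW_ISAKMP)))
```

Run as-is it prints two OK lines, HQ to each branch. Note that no pair exists between 223.210.10.2 and 223.225.10.2: the posted outputs only show branch-to-HQ tunnels, so branch-to-branch traffic is not covered by a direct SA in this topology.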
Hi, thanks for the reply, but I can't open the file. Could you please re-upload it? I think it's a PT version issue.


Could you please tell me why Layer 3 is not advertising the networks on the OSPF?
I'm a bit confused and I can't find the issue.
Before adding the VPN I was able to ping to all the locations.
If I make the port an access port, the Admin PC won't communicate with the WLC.
All the PCs should be able to communicate between Branches and HQ, including the ones connecting via WiFi.

See the below error


I'm running the 8.2.0.0162 version.
I think you are running a lower version.

chamarag6_1-1683936656373.png

Hi

I will upload it again any time soon.

About the OSPF, just run the command

redistribute connected under the OSPF process.

Do it on the layer3 switches

Change all the interfaces on the switch from trunk to access.

 

Hi Flavio,
I tried it and it stopped releasing IPs from the DHCP server. If I make it access, will it work with the inter-VLAN routing? I have 4 VLANs that need to communicate with each other; that's why I made those ports trunks.

Well, just keep in mind that we don't put ports connected to PCs in trunk; they should be access. But if that is working for you, go ahead. It is probably working because you are using the native VLAN.

I am attaching the file again, and my PT is 8.2.

Hi
I have a file without the VPN and it's all working; I can ping all the Branches and HQ. Issues come in only when I configure the VPN. I checked your file; for some reason DHCP is not releasing. It's weird.

I think the PT is facing some problems. I was testing again and it was not pinging anymore, but DHCP was OK.

Today I will take a close look and, if necessary, configure everything again.

 I will let you know.

Let me just check something. Is this project a free project, or are you following some requirements?

I would change it a little bit if permitted.

When you say it is working without the VPN, that's because you have OSPF running among the routers.

The VPN is not necessary in this case after all; you already have connectivity without the VPN.

In a real-world topology, you probably would have only internet connectivity with the ISP, and then you would create the VPN tunnel over the internet, and the connectivity between the sites' LANs would come after the VPN is established.

Keep in mind that the VPN comes up if you force it. The VPN needs to have traffic in order to force the tunnel up. This is true for real life and in PT too.

 

Hi

I have sent you the details by PM.
Sure, go for it, you can change it. I just want it to work because I can't find the issue.

Hope My PM will give you a clear idea

Really appreciate your help

Update.

Your ISP router's interface GigabitEthernet0/2 has an IP address conflict with the Branch2 router. Remove this config from the interface; you don't need this interface.

 

ISP1#

ISP1#sh ip int br

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 209.165.100.1 YES NVRAM up up

GigabitEthernet0/1 unassigned YES manual up down

GigabitEthernet0/2 223.200.10.1 YES NVRAM up down

Serial0/0/0 unassigned YES manual administratively down down

Serial0/0/1 unassigned YES manual up up

Serial0/1/0 unassigned YES unset down down

Serial0/1/1 223.210.10.1 YES manual up up

Vlan1 unassigned YES NVRAM administratively down down

 

After I did that, I finally got OSPF working on Branch2. It was unstable before.

 

Brranch2#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

5.5.5.5 0 FULL/ - 00:00:39 223.210.10.1 Serial0/1/0

192.168.70.2 1 FULL/DR 00:00:30 192.168.70.2 GigabitEthernet0/0

Brranch2#
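The conflict found above, an address configured on an ISP interface that is also in use on Branch2, hides easily in a large topology but is simple to catch by comparing `show ip interface brief` from every router. The Python script below is an added example, not code from the thread or from Cisco. ISP1's output is copied from the post; the Brranch2 output is constructed here to reproduce the conflict the post describes, so its interface names and the 192.168.70.1 address are assumptions, not something the thread shows. It flags any address that appears on more than one interface across the collected outputs and, following the post's own finding, any addressed interface whose line protocol is down.

```python
"""Spot duplicate addresses across `show ip interface brief` outputs.

Added example: ISP1's table is copied from the thread; the Brranch2 table is
constructed to reproduce the described conflict (223.200.10.1 on both routers).
"""
import re
from collections import defaultdict

SHOW_IP_INT_BR = {
    # Copied from the thread.
    "ISP1": """\
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 209.165.100.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES manual up down
GigabitEthernet0/2 223.200.10.1 YES NVRAM up down
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 unassigned YES manual up up
Serial0/1/0 unassigned YES unset down down
Serial0/1/1 223.210.10.1 YES manual up up
Vlan1 unassigned YES NVRAM administratively down down
""",
    # Constructed for this example (not posted in the thread): the WAN address
    # 223.210.10.2 is from the ISAKMP output, the rest are assumptions.
    "Brranch2": """\
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.70.1 YES manual up up
GigabitEthernet0/1 223.200.10.1 YES manual up down
Serial0/1/0 223.210.10.2 YES manual up up
""",
}

# One interface row; Status may be "administratively down", which is two words.
IFACE_LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)\s*$"
)


def parse_ip_int_brief(text):
    """Return one dict per interface row; the header line does not match."""
    return [m.groupdict() for m in (IFACE_LINE.match(l.strip()) for l in text.splitlines()) if m]


def find_duplicate_addresses(outputs):
    """Map each address used on more than one interface to [(host, iface), ...]."""
    seen = defaultdict(list)
    for host, text in outputs.items():
        for row in parse_ip_int_brief(text):
            if row["ip"] != "unassigned":
                seen[row["ip"]].append((host, row["iface"]))
    return {ip: where for ip, where in seen.items() if len(where) > 1}


def addressed_but_down(outputs):
    """Interfaces that carry an address but whose line protocol is down.

    The ISP's GigabitEthernet0/2 in the thread is exactly this: configured,
    unplugged, and still claiming an address another router uses.
    """
    hits = []
    for host, text in outputs.items():
        for row in parse_ip_int_brief(text):
            if row["ip"] != "unassigned" and row["proto"] == "down":
                hits.append((host, row["iface"], row["ip"], row["status"]))
    return hits


def summary(outputs):
    """Human-readable findings, one per line."""
    lines = []
    for ip, where in find_duplicate_addresses(outputs).items():
        places = ", ".join(f"{h} {i}" for h, i in where)
        lines.append(f"DUPLICATE {ip}: {places}")
    for host, iface, ip, status in addressed_but_down(outputs):
        lines.append(f"ADDRESSED BUT DOWN {host} {iface} {ip} (status {status})")
    return lines


if __name__ == "__main__":
    print("\n".join(summary(SHOW_IP_INT_BR)))
```

On the constructed inputs the script reports the duplicate 223.200.10.1 on ISP1 GigabitEthernet0/2 and Brranch2 GigabitEthernet0/1, plus both of those interfaces as addressed but down; removing the address from the unused ISP interface, as the post did, clears both findings on the ISP side.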

Hello,

Here I have a file where connectivity is working. I just need you to test it on your machine and make sure we are on the same page here. Let's first agree on the connectivity, and we can bring in the VPN later.

I am using the same PCs:

HQADMIN-PC

BR1ADMIN-PC

BR2ADMIN-PC

Hint: when you open the file, force the PCs to get an IP again.