Beginner

Packet Tracer IPSec VPN Tunnel ACL Drops

I have an IPSEC VPN Network that I have configured. The network uses EIGRP to connect to each other. My ACL is a Named Extended Network. The two nodes that I want to communicate with each other won't communicate with each other. To be more specific, USER_A and SERVER_A are not communicating. However they can ping to the rest of the network just fine. I am leaning towards either my ACL is configured wrong or that my interfaces are configured wrong and I cannot figure out how to correct it although I'm willing to bet it's simple. Image attachment displays the network.

 

Router 1

ip access-list extended VPN1
permit ip 192.168.108.176 0.0.0.255 192.168.219.160 0.0.0.255
exit
int f0/1
exit
!
crypto isakmp policy 666
encryption aes 128
hash sha
authentication pre-share
group 5
lifetime 40000
exit
!
crypto isakmp key Anon address 122.100.100.50
!
crypto ipsec transform-set PF_666 esp-aes 128 esp-sha-hmac
!
crypto map GRP5 666 ipsec-isakmp
set peer 122.100.100.50
set pfs group5
set transform-set PF_666
match address VPN1
!
int f0/1
crypto map GRP5

 

Router 2

ip access-list extended VPN1
permit ip 192.168.219.160 0.0.0.255 192.168.108.176 0.0.0.255
exit
int f1/0
exit
!
crypto isakmp policy 666
encryption aes 128
hash sha
authentication pre-share
group 5
lifetime 40000
exit
!
crypto isakmp key Anon address 149.109.109.18
!
crypto ipsec transform-set PF_666 esp-aes 128 esp-sha-hmac
!
crypto map GRP5 666 ipsec-isakmp
set peer 149.109.109.18
set pfs group5
set transform-set PF_666
match address VPN1
!
int f1/0
crypto map GRP5

1 ACCEPTED SOLUTION

Collaborator

Re: Packet Tracer IPSec VPN Tunnel ACL Drops

See attached 

changed peer on Router2 from .18 to .17

crypto map GRP5 666 ipsec-isakmp 
 set peer 149.109.109.17

Changed ACLs from .255 to .7

ip access-list extended VPN1
 permit ip 192.168.219.0 0.0.0.7 192.168.108.0 0.0.0.7

because the interesting traffic is generated from 

interface FastEthernet0/1
 ip address 192.168.219.161 255.255.255.248

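Added example, not part of the original posts: a short Python check of how an IOS wildcard mask in a crypto ACL selects traffic, using the interface address quoted in the accepted solution and the VPN1 entries posted in the question. The function names are hypothetical helpers written for this illustration.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_from_mask(mask):
    """Invert a subnet mask into an IOS wildcard (255.255.255.248 -> 0.0.0.7)."""
    return _to_dotted(_to_int(mask) ^ 0xFFFFFFFF)

def acl_entry_for_interface(ip, mask):
    """Address/wildcard pair covering exactly the interface's own subnet."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return str(net.network_address), wildcard_from_mask(mask)

def matched_range(addr, wildcard):
    """First and last address an entry matches (contiguous wildcards only)."""
    w = _to_int(wildcard)
    base = _to_int(addr) & (w ^ 0xFFFFFFFF)
    return _to_dotted(base), _to_dotted(base | w)

def acl_matches(addr, wildcard, ip):
    """IOS rule: every bit that is 0 in the wildcard must be equal."""
    care = _to_int(wildcard) ^ 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(ip) & care)

def is_mirror(entry_a, entry_b):
    """Peers' crypto ACL entries must be source/destination swaps of each other."""
    norm = lambda e: matched_range(*e)
    (src_a, dst_a), (src_b, dst_b) = entry_a, entry_b
    return norm(src_a) == norm(dst_b) and norm(dst_a) == norm(src_b)

# Entries as posted in the question (Router 1 and Router 2, ACL VPN1).
R1_POSTED = (("192.168.108.176", "0.0.0.255"), ("192.168.219.160", "0.0.0.255"))
R2_POSTED = (("192.168.219.160", "0.0.0.255"), ("192.168.108.176", "0.0.0.255"))

if __name__ == "__main__":
    lan = acl_entry_for_interface("192.168.219.161", "255.255.255.248")
    print("entry for the interface subnet:", *lan)
    print("it matches:", matched_range(*lan))
    print("posted .255 wildcard matches:", matched_range(*R2_POSTED[0]))
    print("posted ACLs mirrored:", is_mirror(R1_POSTED, R2_POSTED))
```

The posted entries are mirrored correctly, but the 0.0.0.255 wildcard selects the whole /24 as interesting traffic, while the interface in the solution sits in a /29.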

4 REPLIES
Collaborator

Re: Packet Tracer IPSec VPN Tunnel ACL Drops

Hi

zip and attach the packet tracer file here 

Beginner

Re: Packet Tracer IPSec VPN Tunnel ACL Drops

Attached and sent. 

Beginner

Re: Packet Tracer IPSec VPN Tunnel ACL Drops

Took your solution and tested it. Then applied my save and made the changes myself to verify it and it's working perfectly for me. I very much appreciate your patience in helping me with such simple mistakes.