
Packet Tracer IPSec VPN Tunnel ACL Drops

angelofenders
Level 1

I have an IPSEC VPN Network that I have configured. The network uses EIGRP to connect to each other. My ACL is a Named Extended Network. The two nodes that I want to communicate with each other won't communicate with each other. To be more specific, USER_A and SERVER_A are not communicating. However they can ping to the rest of the network just fine. I am leaning towards either my ACL is configured wrong or that my interfaces are configured wrong and I cannot figure out how to correct it although I'm willing to bet it's simple. Image attachment displays the network.

 

Router 1

ip access-list extended VPN1
permit ip 192.168.108.176 0.0.0.255 192.168.219.160 0.0.0.255
exit
int f0/1
exit
!
crypto isakmp policy 666
encryption aes 128
hash sha
authentication pre-share
group 5
lifetime 40000
exit
!
crypto isakmp key Anon address 122.100.100.50
!
crypto ipsec transform-set PF_666 esp-aes 128 esp-sha-hmac
!
crypto map GRP5 666 ipsec-isakmp
set peer 122.100.100.50
set pfs group5
set transform-set PF_666
match address VPN1
!
int f0/1
crypto map GRP5

 

Router 2

ip access-list extended VPN1
permit ip 192.168.219.160 0.0.0.255 192.168.108.176 0.0.0.255
exit
int f1/0
exit
!
crypto isakmp policy 666
encryption aes 128
hash sha
authentication pre-share
group 5
lifetime 40000
exit
!
crypto isakmp key Anon address 149.109.109.18
!
crypto ipsec transform-set PF_666 esp-aes 128 esp-sha-hmac
!
crypto map GRP5 666 ipsec-isakmp
set peer 149.109.109.18
set pfs group5
set transform-set PF_666
match address VPN1
!
int f1/0
crypto map GRP5

1 Accepted Solution

See attached 

Changed peer on Router2 from .18 to .17

crypto map GRP5 666 ipsec-isakmp 
 set peer 149.109.109.17

Changed ACLs from .255 to .7

ip access-list extended VPN1
 permit ip 192.168.219.0 0.0.0.7 192.168.108.0 0.0.0.7

because the interesting traffic is generated from 

interface FastEthernet0/1
 ip address 192.168.219.161 255.255.255.248


omz
VIP Alumni

Hi

zip and attach the packet tracer file here 

Attached and sent. 

Took your solution and tested it. Then applied my save and made the changes myself to verify it and it's working perfectly for me. I very much appreciate your patience in helping me with such simple mistakes.
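The two faults fixed in this thread (a peer address that is not the remote endpoint, and a crypto ACL wildcard wider than the /29 LAN) can be checked mechanically before a tunnel is brought up. The following is an added example, not code or configuration from any poster; `expected_selector` and `audit` are hypothetical helper names, the Router 2 text is condensed from the thread, and Router 1's outside address is an assumption inferred from the accepted fix.

```python
import ipaddress
import re

# Router 2 lines condensed from the thread (question config + LAN interface from the answer).
ROUTER2 = """\
ip access-list extended VPN1
 permit ip 192.168.219.160 0.0.0.255 192.168.108.176 0.0.0.255
crypto map GRP5 666 ipsec-isakmp
 set peer 149.109.109.18
 match address VPN1
interface FastEthernet0/1
 ip address 192.168.219.161 255.255.255.248
"""
# Router 1 crypto ACL entry as posted in the question.
ROUTER1_ACL = "permit ip 192.168.108.176 0.0.0.255 192.168.219.160 0.0.0.255"
# Assumption: Router 1's tunnel endpoint, inferred from the accepted fix (.18 -> .17).
ROUTER1_OUTSIDE = "149.109.109.17"

PERMIT = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")

def expected_selector(ip, mask):
    """Network address and wildcard that describe exactly the interface's subnet."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(net.network_address), str(net.hostmask)

def audit(config, remote_acl, remote_outside):
    """Return a list of findings for one router's crypto map configuration."""
    findings = []
    src, src_wc, dst, dst_wc = PERMIT.search(config).groups()
    r_src, r_src_wc, r_dst, r_dst_wc = PERMIT.search(remote_acl).groups()
    if (src, src_wc, dst, dst_wc) != (r_dst, r_dst_wc, r_src, r_src_wc):
        findings.append("crypto ACLs are not mirror images")
    peer = re.search(r"set peer (\S+)", config).group(1)
    if peer != remote_outside:
        findings.append(f"peer {peer} is not the remote endpoint {remote_outside}")
    ip, mask = re.search(r"ip address (\S+) (\S+)", config).groups()
    net, wc = expected_selector(ip, mask)
    if src_wc != wc:
        findings.append(f"source wildcard {src_wc} does not match the LAN subnet; expected {net} {wc}")
    return findings

if __name__ == "__main__":
    for finding in audit(ROUTER2, ROUTER1_ACL, ROUTER1_OUTSIDE):
        print(finding)
```

Run against the configuration as originally posted, it reports the peer mismatch and the wildcard mismatch; the ACLs themselves are already mirror images.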