Site-to-Site VPN.(ADSL)

w_basheer
Level 1

Dears;

I have 2800, connected to the Internet using DSL.

I am trying to create a VPN tunnel (site-to-site) but failed.

I don't know if the problem is on the ADSL.

kaachary
Cisco Employee

Hi,

It's hard to comment on where the problem lies when we have the config from just one end. Is it possible for you to paste the config for the other end as well, so that we can review them both?

-Kanishka

Dear;

the attached is other end

-my LAN is 172.18.1.0/24 other is 10.40.0.0/16

-my peer is 89.148.43.29 other is 213.42.65.202

------------------------------------------

ITS-BAH-OFFICE#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
213.42.65.202   89.148.43.29    QM_IDLE           4001    0 ACTIVE

IPv6 Crypto ISAKMP SA

-------------------------------------------

Hi,

It seems like the tunnel is up :

213.42.65.202 89.148.43.29 QM_IDLE 4001 0 ACTIVE

Are you not able to pass traffic ?

Try to send some traffic from the hosts and then capture the output for "sh cry ipsec sa" . Paste it here.

-Kanishka

This is show cry ips sa

Hi,

If you see the output for "sh cry ipsec sa"

local ident (addr/mask/prot/port): (172.18.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.40.0.0/255.255.0.0/0/0)
current_peer 213.42.65.202 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1557, #pkts encrypt: 1557, #pkts digest: 1557
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

You will see that this side is encrypting the packets but they are not getting back from the other router.

This proves that the problem is definitely on this Router's side. Could you please post the full config of this router (which has inside subnet of 10.40.x.x) and possibly the output of "sh cry ipsec sa" from it as well.

-Kanishka
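The encaps/decaps comparison used in the reply above can be automated. The following is an added example, not part of the original thread: a small Python parser for the "sh cry ipsec sa" fields quoted there. The sample text is constructed (the second SA block is invented to show a healthy case), and the counters only describe the view from the router the output was taken on.

```python
import re

# Constructed sample: first SA uses the counters quoted in the thread,
# second SA (172.18.2.0/24) is invented to show a healthy case.
SAMPLE = """\
local  ident (addr/mask/prot/port): (172.18.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.40.0.0/255.255.0.0/0/0)
current_peer 213.42.65.202 port 500
#pkts encaps: 1557, #pkts encrypt: 1557, #pkts digest: 1557
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
local  ident (addr/mask/prot/port): (172.18.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.40.0.0/255.255.0.0/0/0)
current_peer 213.42.65.202 port 500
#pkts encaps: 20, #pkts encrypt: 20, #pkts digest: 20
#pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident .*?:\s*\(([\d.]+)/([\d.]+)/\d+/\d+\)")
PEER = re.compile(r"^\s*current_peer\s+(\S+)")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Split the output into one dict per local/remote ident pair."""
    sas, cur = [], None
    for line in text.splitlines():
        m = IDENT.match(line)
        if m and m.group(1) == "local":      # a new SA block starts here
            cur = {"peer": None, "encaps": 0, "decaps": 0}
            sas.append(cur)
        if cur is None:
            continue                         # skip banner lines before the first SA
        if m:
            cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        elif PEER.match(line):
            cur["peer"] = PEER.match(line).group(1)
        for name, value in COUNT.findall(line):
            cur[name] = int(value)
    return sas

def diagnose(sa):
    """Classify traffic direction from this router's point of view."""
    if sa["encaps"] and not sa["decaps"]:
        return "one-way: encrypting outbound, nothing decrypted inbound"
    if sa["decaps"] and not sa["encaps"]:
        return "one-way: decrypting inbound, nothing encrypted outbound"
    return "two-way" if sa["encaps"] else "idle: no traffic matched this SA"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["local"], "->", sa["remote"], "via", sa["peer"], ":", diagnose(sa))
```

Running the same check on the output from both peers shows which direction of the tunnel is missing traffic.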

I really appreciate your help.

The attached is

- show run

- show cry isa sa

- show cry ips sa

for both my and the second peer, in addition to a drawing.

Thanks a lot.

Hi,

Interestingly, I can see the tunnel up and passing traffic in the new show outputs. I am not sure why this is not working for you.

Try this on Router (10.40.x.x)

ping 172.18.1.254 source 10.40.0.1

Does this ping work?

What IP address are you trying to ping across the tunnel, and from what IP address?

-Kanishka

:S :S :S

Actually I keep pinging... it's replied

I did not make any changes.

Thanks a lot Mr. Kanishka

Tomorrow I will re-establish the tunnel and test applications.

Thanks a lot.