Re: Unable to ping after setting up IPSec VPN Tunnel

aneeshapanigrahi · ‎12-12-2020

I'm not able to ping from PC(1) to PC15(1) across the IPSec VPN Tunnel that I have set up. I have used the configuration given in the documentation of Cisco.

R1(config)# crypto isakmp policy 10

R1(config-isakmp)# hash sha

R1(config-isakmp)# authentication pre-share

R1(config-isakmp)# group 5

R1(config-isakmp)# lifetime 3600

R1(config-isakmp)# encryption aes 256

R1(config-isakmp)# end

R1(config)# crypto isakmp key cisco123 address 10.2.2.1

R1(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac

R1(cfg-crypto-trans)# exit

R1(config)# access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

R1(config)# crypto map CMAP 10 ipsec-isakmp

R1(config-crypto-map)# match address 101

R1(config-crypto-map)# set peer 10.2.2.1

R1(config-crypto-map)# set pfs group5

R1(config-crypto-map)# set transform-set 50

R1(config-crypto-map)# set security-association lifetime seconds 900

R1(config-crypto-map)# exit

R1(config)# interface S0/0/0

R1(config-if)# crypto map CMAP

R1(config)# end

Please help to solve this.

Thank you :")

Rob Ingram · ‎12-12-2020

@aneeshapanigrahi

I don't have packet tracer so cannot view the topology/configuration.

I assume PC1 is on the 192.168.1.0/24 network and PC15 is on 192.168.3.0/24 network?

Is the default route of the PCs the local routers?

Do the routers have a default route pointing to the next hop?

Provide the full configuration of the routers and run a ping from PC1 and then provide the output of "show crypto ipsec sa"