Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
1
Replies

VPN Tunnel on router

Juan Francisco Burga Colchado
Level 1
Level 1

‎05-24-2012 09:49 AM

I have a problem when I created a tunnel between 2 routers

Router A

interface Tunnel1

description ## TUNEL VPN #

ip address 172.20.1.2 255.255.255.252

tunnel source GigabitEthernet1/0

tunnel destination 190.10.8.13

--------------------------------------------------------

Router_A#ping 190.10.8.13

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 190.10.8.13, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/195/200 ms

--------------------------------------------------------------------------------------------------------------

Tunnel1                    172.20.1.2      YES manual up                    up

--------------------------------------------------------------------------------------------------------------

Router_A#ping 172.20.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router_A#ping 172.20.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
-------------------------------------------------------------------------------------------------

Router B

interface Tunnel1

description ## TUNEL VPN TO ZORRITOS ##

ip address 172.20.1.1 255.255.255.252

tunnel source GigabitEthernet0/0.453

tunnel destination 190.4.6.22

---------------------------------------------------------------------------------

Router_B#ping 190.4.6.22

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 190.4.6.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/194/200 ms

----------------------------------------------------------------------------------------------------------------

Tunnel1                    172.20.1.1      YES manual up                    up

--------------------------------------------------------------------------------------------------

Router_B#ping 172.20.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router_B#ping 172.20.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
------------------------------------------------------------------------------------------------------------

Why I can't do ping to another ip address of tunnel

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎05-24-2012 10:59 AM

You have provided partial information about your environment, giving the tunnel but not the other interfaces and not the crypto map information. And without more information it is difficult to be sure. But my guess is that the routers expect traffic coming through the tunnel to be encrypted. But when you ping to the tunnel IP address I am guessing that this does not match the crypto map and is not encrypted. And I am guessing that the routers do not accept un-encrypted traffic arriving on the tunnel.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents