seibertmedia Wed, 09/16/2009 - 23:34
User Badges:

I'm sorry, but i can't see any attachements.

If the tunnel is fully established, then there could be a routing problem. Is it possible, that you are using the same subnet on both sides of the tunnel?


pompeychimes Thu, 09/17/2009 - 22:21
User Badges:
  • Bronze, 100 points or more

I notice you are using DHCP on the WAN interface. I assume you have a reservation with the DHCP Server that ensures you get the same IP ( every time. Are you also getting a default route from the DHCP Server? If not, please configure a static default route. With a default route confirmed remove this route "ip route" you don't need it.

On the HQ router remove this route "ip route" again you don't need it.

If after all this you still can't pass traffic please post the output of these commands from both routers...

sh crypto isakmp sa detail

sh crypto session detail


habibnoubissi Thu, 09/17/2009 - 23:49
User Badges:

thank you for your help,

I get the same IP and a default route from the ISP dhcp server, you can see it in the branch sh_cmd_BRANCH attached to this message. I have removed all the static route in the two router.

you can see on the attachments the two sh crypto commands.

Thank you

pompeychimes Fri, 09/18/2009 - 02:58
User Badges:
  • Bronze, 100 points or more

Based on the output provided the VPN is up. Your ping probably arent working because you are don't appear to be sourcing them from the LAN interface. Try this...

ping source f0/0

habibnoubissi Fri, 09/25/2009 - 23:05
User Badges:


I have tried the extended ping, and I have removed the two static route in the two routers and work very good now.

Thank you very much for your help.


This Discussion