Problem With VPN Site-to-Site on Router 871

Unanswered Question
Feb 9th, 2010

I have a problems running a VPN Site-to-Site in a Cisco Router 871. This is the scenario, I already Configured The two phases Isakmp And IpSec, but I don't recieve information from my peer, It seems like I'm sending information but I can't recieve.

Our Router is inside the ISP site, then we have an internal ip private Address given by the ISP and another Public IP addres wich is the one our clients see.

Do you think is could be a Nat Problem or a Port Problem?

Omar Díaz

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
johnd2310 Wed, 02/10/2010 - 00:59


Are both ends using NAT? Which end is Sending and which end is not receiving? Make sure the crypto access lists are using the correct addesses, especially where you have NAT.



omardiaz08 Wed, 02/10/2010 - 10:38

Hi John,

Both ends are using NAT, I'm the one that I'm sending iformation to my peer but I don't see any answer. I already check the address and I think they are all right. The status on the sh Crypto Isakmp sa, shows that the tunnel is active, and in the Sh Crypto ipsec SA the packets are being encrypted and encapsulated.

What else do you think I can Check?

Thank You


hdashnau Wed, 02/10/2010 - 11:57

I understand you see in the output of "show crypto ipsec sa" that the encaps are incrementing as you send traffic. Are the decaps on your side also incrementing or are they staying the same when you send traffic? If the decaps are staying the same, you need to examine the remote end to see if it is encapsulating packets towards your router -- the problem may be on the other end of the tunnel.


omardiaz08 Wed, 02/10/2010 - 12:56

They decaps are staying the same, I will ask the other side if they can check they configuration, because the remote router is not under my control.


This Discussion