I would personally generate traffic on one site and check the outputs on the devices to confirm whether the remote end sees the L2L VPN negotiation and also whether it sends a message back to the local router.
First you should perhaps put a continuous ICMP from some host that is supposed to go through the L2L VPN to the remote network.
I would then check the output of this command on the local router:
show crypto isakmp sa
You could also check the same output from the remote end device.
We would need to see those outputs while traffic matching the L2L VPN configurations is being sent to the router.
Take the output of the above command multiple times while you are generating traffic (depending on how far the negotiation goes, the output of the command might vary when you run it multiple times).
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 63966, #recv errors 0
local crypto endpt.: 10.x.x.x, remote crypto endpt.: 59.x.x.x
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
I am not sure whether the problem is on the ISP side or on the local side, as on both routers the other tunnels are working properly. Looking at the above command output, where do you think the problem could exist?
A VPN is configured between two Cisco 2811 routers. On the local router around 25 tunnels are created, whereas on the remote router 3 tunnels are created. Now the problem is that on the local router and the remote router all other tunnels are working fine, except the one tunnel mentioned above.
As per my knowledge, UDP or TCP traffic is allowed by default on the router; there is no need to apply an ACL for that.
Kindly share your views about it, or what other problem could bring the tunnel down?
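With around 25 tunnels on one router, the pattern in the pasted output (outbound SPI 0x0 together with a send-error count) can be picked out of repeated captures by script. The following is an added example, not part of any post in this thread; the sample captures and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the "show crypto ipsec sa" lines quoted in
# the thread; addresses are documentation-range placeholders, not the poster's.
CAPTURE_1 = """\
    #send errors 63966, #recv errors 0
     local crypto endpt.: 192.0.2.1, remote crypto endpt.: 198.51.100.7
     current outbound spi: 0x0(0)
    #send errors 0, #recv errors 0
     local crypto endpt.: 192.0.2.1, remote crypto endpt.: 203.0.113.9
     current outbound spi: 0x5A1C9F02(1511825154)
"""
# Second constructed capture, taken later while the test ping is still running.
CAPTURE_2 = CAPTURE_1.replace("63966", "63990")

ERR_RE = re.compile(r"#send errors (\d+), #recv errors (\d+)")
PEER_RE = re.compile(r"remote crypto endpt\.: (\S+)")
SPI_RE = re.compile(r"current outbound spi: 0x([0-9A-Fa-f]+)")

def parse_sas(text):
    """Return one dict per SA block: peer, send_errors, recv_errors, outbound_spi."""
    blocks, cur = [], {"peer": None, "send_errors": 0, "recv_errors": 0}
    for line in text.splitlines():
        if m := ERR_RE.search(line):
            cur["send_errors"], cur["recv_errors"] = int(m[1]), int(m[2])
        elif m := PEER_RE.search(line):
            cur["peer"] = m[1]
        elif m := SPI_RE.search(line):
            # The SPI line is the last of the three fields, so it closes the block.
            cur["outbound_spi"] = int(m[1], 16)
            blocks.append(cur)
            cur = {"peer": None, "send_errors": 0, "recv_errors": 0}
    return blocks

def no_sa_peers(text):
    """Peers whose block shows outbound SPI 0x0 together with send errors."""
    return [b["peer"] for b in parse_sas(text)
            if b["outbound_spi"] == 0 and b["send_errors"] > 0]

def still_failing(before, after):
    """(peer, new send errors) where SPI stays 0x0 and errors grew between captures.
    Assumes one SA block per peer; several blocks per peer would need a finer key."""
    prev = {b["peer"]: b for b in parse_sas(before)}
    return [(b["peer"], b["send_errors"] - prev[b["peer"]]["send_errors"])
            for b in parse_sas(after)
            if b["peer"] in prev and b["outbound_spi"] == 0
            and prev[b["peer"]]["outbound_spi"] == 0
            and b["send_errors"] > prev[b["peer"]]["send_errors"]]

if __name__ == "__main__":
    print(no_sa_peers(CAPTURE_1))
    print(still_failing(CAPTURE_1, CAPTURE_2))
```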