Am in the process of learning GET VPN. I have successfully implemented IPSEC sessions,and KS & GMs are communicating successfully. However while checking the packets passing between KS and GM , there are no encrypted or decrypted packets passing. Am using 7200 router as both KS and GM. I have applied crypto map in interface GigabitEthernet0/2.7
Interface: GigabitEthernet0/2.7 Uptime: 02:58:42 Session status: UP-ACTIVE Peer: 0.0.0.0 port 848 fvrf: (none) ivrf: (none) Phase1_id: 22.214.171.124 Desc: (none) IKE SA: local 126.96.36.199/848 remote 188.8.131.52/848 Active Capabilities:(none) connid:1091 lifetime:5w1d IKE SA: local 184.108.40.206/848 remote 220.127.116.11/848 Active Capabilities:D connid:1090 lifetime:21:01:17 IPSEC FLOW: permit ip 18.104.22.168/255.255.255.252 22.214.171.124/255.255.255.252 Active SAs: 2, origin: crypto map Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/2505 Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/2505 IPSEC FLOW: permit ip 126.96.36.199/255.255.255.252 188.8.131.52/255.255.255.252 Active SAs: 2, origin: crypto map Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/2505 Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/2505
Since it is able to transmit and receive the key properly I believe the configurations should be correct. Traceroute clearly shows that the packets are going through specified path only. But none of the packects are encrypted, why it happens. Is it any way related to the ACL set on KS ?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...