Cisco Support Community

ipsec and vlan interface

Hi. Help me with tips please. I have an IPsec VPN established between 2 Cisco 881 routers:

sho crypto isakmp sa


dst src state conn-id status

QM_IDLE 2001 ACTIVE

L_R#sho crypto engine conn active

Crypto Engine Connections

ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address

3 IPsec DES+MD5 0 133 133

4 IPsec DES+MD5 101 0 0

5 IPsec DES+MD5 0 8 8

6 IPsec DES+MD5 8 0 0

2001 IKE MD5+DES 0 0 0

2 computers connected behind each router: PC_A-RouterA-RouterB-PC_B. PC A ( can tracert/ping PC B( , but PC B tracert only reaches the RouterA WAN interface. The configs are the same, just mirrored. I can't find out why ping/tracert doesn't reach the VLAN interface to which PC_A is connected.

Configs of the 2 routers are attached in a zip file.

ipsec and vlan interface

Configs look fine.

I recommend cleaning the IPSEC ACL a little bit but it shouldn't be causing this problem.

It seems PC_A has an incorrect default gateway configuration or the FW is enabled.



Re: ipsec and vlan interface

Thank you for the reply. I checked - firewall is off on both PC_A GW (int vlan 20)

router_B:interface Vlan20

ip address

ip nat inside

ip virtual-reassembly

and PC_B, as you see here the default GW is correct

router_A: interface Vlan20

ip address

ip nat inside

ip virtual-reassembly

Also when I do tracert from PC_B ( to fine (2 hops and then

When I do tracert from PC_B ( to (PC_A) - 1 hop then 2 hop (WAN of router_A) and then request timed out. Somehow packets can't go through the WAN interface to interface vlan 20.

Guys, I still need help please.