Cisco Support Community
ipsec and vlan interface

Hi. Help me with tips, please. I have an IPsec VPN established between 2 Cisco 881 routers:

sho crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst src state conn-id status

192.168.15.1 192.168.15.2 QM_IDLE 2001 ACTIVE

L_R#sho crypto engine conn active

Crypto Engine Connections

ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address

3 IPsec DES+MD5 0 133 133 192.168.15.2

4 IPsec DES+MD5 101 0 0 192.168.15.2

5 IPsec DES+MD5 0 8 8 192.168.15.2

6 IPsec DES+MD5 8 0 0 192.168.15.2

2001 IKE MD5+DES 0 0 0 192.168.15.2


2 computers are connected, one behind each router: PC_A-RouterA-RouterB-PC_B. PC A (172.16.2.2/24) can tracert/ping PC B (192.168.20.4), but PC B's tracert only gets as far as the routerA WAN interface. The configs are the same, just mirrored. I can't find out why ping/tracert doesn't reach the VLAN interface to which PC_A is connected.

The configs of the 2 routers are attached in a zip file.


ipsec and vlan interface

Configs look fine.

I recommend cleaning the IPSEC ACL a little bit but it shouldn't be causing this problem.

It seems PC_A has an incorrect default gateway configuration or the FW is enabled.

Regards,

Edison

Re: ipsec and vlan interface

Thank you for the reply. I checked: the firewall is off on both. PC_A 172.16.2.2/24, GW 172.16.2.192 (int vlan 20)

router_B:interface Vlan20

ip address 192.168.20.1 255.255.255.240

ip nat inside

ip virtual-reassembly

and PC_B 192.168.20.4/28; as you see here, the default GW is correct

router_A: interface Vlan20

ip address 172.16.2.192 255.255.255.0

ip nat inside

ip virtual-reassembly

Also, when I do tracert from PC_B (192.168.20.4) to 172.16.2.192, it's fine (2 hops: 192.168.20.1 and then 172.16.2.192).

When I do tracert from PC_B (192.168.20.4) to 172.16.2.2 (PC_A): hop 1 is 192.168.20.1, then hop 2 is 192.168.15.2 (WAN of router_A), and then request timed out. Somehow packets can't go through the WAN interface to interface VLAN 20.

Guys, I still need help, please.
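
An added example, not part of the thread and not Cisco tooling: a small Python parser for the `show crypto engine connections active` table pasted in the first post. It totals the IPsec encrypt and decrypt counters per peer so a one-directional flow stands out, and flags DES and MD5 as deprecated algorithms. The function names and the `WEAK` list are this example's own; the column layout is assumed to match the post.

```python
import re
from collections import defaultdict

# Rows copied from the first post's output (blank lines removed).
SAMPLE = """\
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
3 IPsec DES+MD5 0 133 133 192.168.15.2
4 IPsec DES+MD5 101 0 0 192.168.15.2
5 IPsec DES+MD5 0 8 8 192.168.15.2
6 IPsec DES+MD5 8 0 0 192.168.15.2
2001 IKE MD5+DES 0 0 0 192.168.15.2
"""

WEAK = {"DES", "MD5"}  # this example's list of deprecated algorithms
ROW = re.compile(
    r"^\s*(\d+)\s+(IPsec|IKE)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse(text):
    """Return one dict per connection row; header, prompt and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            cid, kind, algo, enc, dec, _seq, peer = m.groups()
            rows.append({"id": int(cid), "type": kind, "peer": peer,
                         "algos": set(algo.split("+")),
                         "encrypt": int(enc), "decrypt": int(dec)})
    return rows

def summarize(rows):
    """Per peer: IPsec packets encrypted and decrypted, plus weak algorithms in use."""
    out = defaultdict(lambda: {"encrypt": 0, "decrypt": 0, "weak": set()})
    for r in rows:
        s = out[r["peer"]]
        s["weak"] |= r["algos"] & WEAK
        if r["type"] == "IPsec":  # IKE rows carry no data-plane counters
            s["encrypt"] += r["encrypt"]
            s["decrypt"] += r["decrypt"]
    return dict(out)

def findings(summary):
    """One line per observation: unequal counters and weak algorithms."""
    notes = []
    for peer, s in sorted(summary.items()):
        if s["encrypt"] != s["decrypt"]:
            notes.append(f"{peer}: encrypt={s['encrypt']} decrypt={s['decrypt']}")
        if s["weak"]:
            notes.append(f"{peer}: weak algorithms {sorted(s['weak'])}")
    return notes
```

Unequal totals are a hint about which direction to examine, not a diagnosis; comparing the same counters on both routers before and after a ping shows where replies stop being encrypted.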
