IPSec Tunnel is up but cant ping remote ip

Discussion in 'Cisco' started by urvin, Apr 14, 2008.

  1. urvin

    urvin

    Joined:
    Apr 14, 2008
    Messages:
    2
    Hi,

    I have setup a Ipsec tunnel between our branch office and our HQ. Please find attached the configuration. The tunnel is showing up but I am not able to ping the remote end of the tunnel. Any help really appreciated. I am using a Cisco 877 router in the branch office.

    Router configruation:

    crypto isakmp policy 450
    authentication pre-share
    lifetime 84600
    crypto isakmp key passkey address 193.95.x.x
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 30 30
    !
    !
    crypto ipsec transform-set internet esp-3des esp-sha-hmac
    mode transport
    !
    crypto map Russia-VPN local-address Loopback0
    crypto map Russia-VPN 450 ipsec-isakmp
    description VPN backup To Dublin
    set peer 193.95.x.x
    set transform-set internet
    match address 130
    !
    !
    !
    !
    interface Loopback0
    description ConnectionToISP
    ip address 85.112.x.x 255.255.255.252
    crypto map Russia-VPN
    !
    interface Tunnel450
    bandwidth 2048
    ip address 10.193.251.74 255.255.255.252
    no ip mroute-cache
    tunnel source Loopback0
    tunnel destination 193.95.x.x
    crypto map Russia-VPN
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode adsl2+
    !
    interface ATM0.1 point-to-point
    ip address 192.168.2.1 255.255.255.252
    ip accounting output-packets
    ip accounting access-violations
    no snmp trap link-status
    atm route-bridged ip
    pvc 1/50
    encapsulation aal5snap
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    switchport access vlan 2
    !
    interface Vlan2
    ip address 10.207.3.247 255.255.252.0
    !
    router eigrp 180
    network 10.193.251.72 0.0.0.3
    network 10.207.0.0 0.0.3.255
    distribute-list 1 out Vlan2
    no auto-summary
    no eigrp log-neighbor-changes
    !
    ip route 0.0.0.0 0.0.0.0 Tunnel450
    ip route 193.95.x.x 255.255.255.255 192.168.2.2
    !
    !
    !
    access-list 130 permit gre host 85.112.x.x host 193.95.x.x
    access-list 130 permit ip host 85.112.x.x host 193.95.x.x
    snmp-server community somestring RO
    !
    !

    Router#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst src state conn-id slot status
    85.112.x.x 193.95.x.x QM_IDLE 2002 0 ACTIVE

    IPv6 Crypto ISAKMP SA

    Router#sh ip route 10.193.251.72
    Routing entry for 10.193.251.72/30
    Known via "connected", distance 0, metric 0 (connected, via interface)
    Redistributing via eigrp 180
    Routing Descriptor Blocks:
    * directly connected, via Tunnel450
    Route metric is 0, traffic share count is 1

    Router#sh ip eigrp neighbors
    IP-EIGRP neighbors for process 180
    H Address Interface Hold Uptime SRTT RTO Q Seq
    (sec) (ms) Cnt Num
    1 10.193.251.73 Tu450 14 00:00:33 1 5000 2 0
    0 10.207.3.254 Vl2 13 00:32:11 5 200 0 687

    Router#sh ver

    Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(11)T4,
    RELEASE SOFTWARE (fc3)
    System image file is "flash:c870-advipservicesk9-mz.124-11.T4.bin"

    Also you can see from the sh ip eigrp neighbors, eigrp hello packets are not been sent to the remote router.

    Regards
    urvin
     
    urvin, Apr 14, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Ireland
    Replies:
    1
    Views:
    1,102
    Claude LeFort
    Nov 11, 2003
  2. a.nonny mouse
    Replies:
    2
    Views:
    1,146
  3. AM
    Replies:
    7
    Views:
    4,472
    kh_alex81
    Jul 19, 2007
  4. tsvanduyn@yahoo.com

    GRE Tunnel up/up Cannot ping tunnel interface

    tsvanduyn@yahoo.com, Mar 6, 2006, in forum: Cisco
    Replies:
    6
    Views:
    29,760
    tsvanduyn@yahoo.com
    Mar 9, 2006
  5. louisa
    Replies:
    0
    Views:
    1,672
    louisa
    Dec 9, 2011
Loading...

Share This Page