Cisco IPsec VPN: VPN up but no traffic/ping

5 pts.
Tags:
Cisco
Cisco 871
Cisco Routers
draytek
draytek vigor 2200E+
IPsec
IPsec VPN
Routers
VPN
Hi, I'm having some problems setting up an IPsec VPN between a Cisco 851 and a Draytek Vigor 2200E+. The IPsec VPN seems to establish well, passes IPsec phase 2, and shows up as an active IPsec session in both routers. The problem is that I'm unable to ping, or send any traffic, to any of the hosts that's connected to the other router. Also, when debugging the Cisco router (debug crypto IPsec) it gives the message:

decrypted packet failed SA identity check once in about a minute. network layout: CISCO inside vlan1: 192.168.10.1 /24 | outside fa4: 87.215.129.2 /29 | ADSL MODEM ip: 87.215.129.1 | INTERNET | ADSL MODEM ip: 87.213.1.1 | DRAYTEKVIGOR outside 87.213.1.2 /29 | inside: 192.168.1.1 /24

I hope I've given enough information and that anyone can help me out! Thanks a lot!
ASKED: February 26, 2009  5:10 PM
UPDATED: April 19, 2013  7:59 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

You will need to have routes across the tunnel at both ends to be able to return traffic. If you see ICMP traffic going in and nothing on the other side, then it is possible that the return route is missing.

======================

Use traceroute to find out where the connection is stopping or if the packets are bouncing back and forth.

=====================

ACL 102 has a typo : access-list 102 deny ip 192.168.10.0 0.0.0.255 <b>192.168.11.0</b> 0.0.0.255

Also, use ‘show crypto ipsec sa’ to see if packets are being encrypted and decrypted.

If you are pinging from the Cisco router you will need to source your pings from VLAN 1 or the ping will fail. Best to just connect from a connected host.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Synesthesia
    Thanks for being courageous enough to talk about this very serious problem that most of us have to confront and are afraid to speak upon.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following