Mtarawala asked on

IPSec VPN

Dear Team,

I have an IPsec VPN from my Cisco 1841 router, and the problem is that sometimes the VPN is not shown when I run the command sh crypto isakmp sa, but I can ping the remote host on the remote network. Other times the VPN state is MM_NO_STATE, but I can still ping the other remote end. Why is this happening? I have added the sh ver output of my router below.

XXXX#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(8), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 13:52 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T8, RELEASE SOFTWARE (fc1)

UPS-Kems uptime is 2 weeks, 5 days, 5 hours, 17 minutes
System returned to ROM by reload at 02:30:08 UTC Tue Jun 21 2011
System image file is "flash:c1841-advipservicesk9-mz.124-8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 7.0) with 116736K/14336K bytes of memory.
Processor board ID FCZ130692B8
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

XXXXX#

Thanks.
Munawar
Internet Protocol Security

Last Comment
John Meggers

8/22/2022 - Mon
John Meggers

It's still possible to reach a remote host bypassing the VPN depending on other factors such as addressing, NAT and routing. If the VPN is properly configured, it shouldn't happen, but the VPN not working doesn't necessarily mean you can't reach the other host. What addressing is being used and what's in the middle (WAN)?
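
One way to check the point made in the comment above, as an added example that is not part of the original thread: compare the "#pkts encaps" and "#pkts decaps" counters from show crypto ipsec sa before and after a ping test to see whether the echo packets were actually encrypted. The two snapshots are constructed and trimmed, and the addresses, crypto map name and function names are assumptions.

```python
import ipaddress
import re

# Constructed, trimmed snapshot of `show crypto ipsec sa` taken before a ping test.
# Addresses and the crypto map name are placeholders, not values from the thread.
BEFORE = """\
interface: FastEthernet0/0
    Crypto map tag: VPNMAP, local addr 203.0.113.1

   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 198.51.100.2 port 500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
    #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
"""
# Constructed "after" snapshot: five more packets in each direction.
AFTER = BEFORE.replace("encaps: 120", "encaps: 125").replace("decaps: 118", "decaps: 123")

IDENT = re.compile(r"(local|remote)\s+ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_flows(text):
    """Return {(local_net, remote_net): {'encaps': n, 'decaps': n}} per protected flow."""
    flows, ident = {}, {}
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            if m.group(1) == "local":
                ident = {}  # a new flow block starts with its local ident
            ident[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        for name, value in COUNT.findall(line):
            if len(ident) == 2:
                flows.setdefault((ident["local"], ident["remote"]), {})[name] = int(value)
    return flows

def ping_verdict(before, after, src, dst, sent):
    """Classify a ping test of `sent` echo requests from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    old_flows = parse_flows(before)
    for (lnet, rnet), now in parse_flows(after).items():
        if s in lnet and d in rnet:
            old = old_flows.get((lnet, rnet), {})
            enc = now.get("encaps", 0) - old.get("encaps", 0)
            dec = now.get("decaps", 0) - old.get("decaps", 0)
            # Other traffic on the flow also moves these counters; test on a quiet flow.
            if enc >= sent and dec >= sent:
                return "encrypted"
            return "encrypted-out-only" if enc >= sent else "not-encrypted"
    return "no-matching-sa"  # no IPsec SA covers this src/dst pair
```

A "not-encrypted" or "no-matching-sa" result while the ping still succeeds means the packets reached the remote host by a path outside the tunnel.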
ASKER
Mtarawala

We are using private IP addresses between the 2 networks. The IPSec is over the internet link. It's a site-to-site VPN over peer IP addresses. The VPN doesn't show in the sh crypto isakmp sa, but we can still ping the remote server's private address from our server.
ASKER CERTIFIED SOLUTION
John Meggers
