Hello Aryoba and list,
I've turned off the Windows firewalls on both "PC 1" and "PC 2" and now "PC 1" can access "PC 2"'s shares and vice versa. It is not a solution but I guess it is an indication that the VPN tunnel is actually "doing" its job, isn't it?
Now, I have to learn how to turn on the firewalls on "PC 1" and "PC 2" and let the VPN traffic go through... yet another not easy task... Of course, if you have a good idea I would take it with relief.
I have another question: in the past I set up a PPP over SSH tunnel between two Unix machines, and I could start, stop, and restart the tunnel whenever I wanted. Can I do the same with an IPSec tunnel between two Cisco routers? In particular, I wish I could start the tunnel on demand and not have it active all the time... is it possible and how?
Below are the results of the commands:
--------------------------------------------------------------------------
Router1#show crypto isakmp sa
--------------------------------------------------------------------------
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.15.1 192.168.15.2 QM_IDLE 2002 ACTIVE
IPv6 Crypto ISAKMP SA
--------------------------------------------------------------------------
Router1#show crypto ipsec sa
--------------------------------------------------------------------------
interface: Vlan2
Crypto map tag: VPN, local addr 192.168.15.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer 192.168.15.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 670, #pkts encrypt: 670, #pkts digest: 670
#pkts decaps: 472, #pkts decrypt: 472, #pkts verify: 472
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 192.168.15.1, remote crypto endpt.: 192.168.15.2
path mtu 1500, ip mtu 1500, ip mtu idb Vlan2
current outbound spi: 0x52EB5BAF(1391156143)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xF895D437(4170568759)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 5, flow_id: Onboard VPN:5, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4599461/67625)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x52EB5BAF(1391156143)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 6, flow_id: Onboard VPN:6, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4599461/67625)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
--------------------------------------------------------------------------
Router2#show crypto isakmp sa
--------------------------------------------------------------------------
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.15.1 192.168.15.2 QM_IDLE 2002 ACTIVE
IPv6 Crypto ISAKMP SA
--------------------------------------------------------------------------
Router2#show crypto ipsec sa
--------------------------------------------------------------------------
interface: Vlan2
Crypto map tag: VPN, local addr 192.168.15.2
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer 192.168.15.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 473, #pkts encrypt: 473, #pkts digest: 473
#pkts decaps: 671, #pkts decrypt: 671, #pkts verify: 671
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.15.2, remote crypto endpt.: 192.168.15.1
path mtu 1500, ip mtu 1500, ip mtu idb Vlan2
current outbound spi: 0xF895D437(4170568759)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x52EB5BAF(1391156143)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 5, flow_id: Onboard VPN:5, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4380792/67584)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xF895D437(4170568759)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 6, flow_id: Onboard VPN:6, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4380791/67584)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Thank you for helping and best regards.
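One way to check, from the two `show crypto ipsec sa` outputs quoted above, that both routers describe the same working tunnel; this is an added example, not part of the original post. The function names, the `slack` tolerance and the `LEGACY` set are assumptions made for illustration, and the sample text is trimmed from the post's own output.

```python
import re

# Trimmed excerpts of the `show crypto ipsec sa` output quoted in the post.
R1 = """#pkts encaps: 670, #pkts encrypt: 670, #pkts digest: 670
#pkts decaps: 472, #pkts decrypt: 472, #pkts verify: 472
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xF895D437(4170568759)
transform: esp-3des esp-md5-hmac ,
outbound esp sas:
spi: 0x52EB5BAF(1391156143)"""
R2 = """#pkts encaps: 473, #pkts encrypt: 473, #pkts digest: 473
#pkts decaps: 671, #pkts decrypt: 671, #pkts verify: 671
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x52EB5BAF(1391156143)
transform: esp-3des esp-md5-hmac ,
outbound esp sas:
spi: 0xF895D437(4170568759)"""
LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac"}  # assumption: treated as legacy here

def parse_sa(text):  # counters, ESP SPIs, transforms and PFS state of one router
    sa, direction = {"transforms": set()}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"(inbound|outbound) (\w+) sas:", line):
            direction = m.group(1) if m.group(2) == "esp" else None
        elif direction and (m := re.match(r"spi: (0x[0-9A-Fa-f]+)", line)):
            sa[direction + "_spi"] = int(m.group(1), 16)
        elif line.startswith("transform:"):
            sa["transforms"].update(line[10:].replace(",", " ").split())
        elif m := re.match(r"PFS \(Y/N\): ([YN])", line):
            sa["pfs"] = m.group(1) == "Y"
        for key, val in re.findall(r"#pkts (encaps|decaps): (\d+)", line):
            sa[key] = int(val)
    return sa

def check_pair(a, b, slack=5):  # slack: the two outputs were captured at different moments
    findings = []
    if (a["outbound_spi"], a["inbound_spi"]) != (b["inbound_spi"], b["outbound_spi"]):
        findings.append("SPIs do not mirror: outputs describe different SAs")
    for tx, rx in ((a, b), (b, a)):
        if tx["encaps"] - rx["decaps"] > slack:
            findings.append("peer is not decrypting what this side encrypts")
    if legacy := sorted((a["transforms"] | b["transforms"]) & LEGACY):
        findings.append("legacy transforms: " + ", ".join(legacy))
    if not (a["pfs"] and b["pfs"]):
        findings.append("PFS disabled")
    return findings

print(check_pair(parse_sa(R1), parse_sa(R2)))
```

For the outputs in the post, the SPIs mirror and each side's encaps count lines up with the peer's decaps count, so the only findings are the 3DES/MD5 transform set and the disabled PFS.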