Prepare a Router for Site-to-Site VPN using Pre-shared Keys
Step 4 – Ensure the network works without encryption

Basic connectivity between peers must be checked before IPSec configuration can begin.

The router ping command can be used to test basic connectivity between IPSec peers . While a successful ICMP echo, or ping, will verify basic connectivity between peers, it should be verified that the network works with any other protocols or ports that are to be encrypted, such as Telnet or FTP, before beginning IPSec configuration.

After IPSec is activated, basic connectivity troubleshooting can be difficult because the security configuration may mask a more fundamental networking problem. Previous security settings could result in no connectivity.