VPN Problem - Monitor Traffic

Jan 19th, 2008

I have a problem with a site to site VPN tunnel.

I have set up a tunnel with a remote site ( to my site ( The remote site can initiate Phase 2 but does not get a ping response.

Phase 2 is not even attempted when the local site pings a server on the remote site. Please could someone help resolve the problem or advise how I can troubleshoot the connection? How can I monitor traffic in the VPN tunnel?

Config attached

ajagadee Sat, 01/19/2008 - 23:19

You have access-lists applied on the inside and dmz interfaces, and I do not see configuration permitting traffic from going to

Please configure the permit statements and then test the IPSEC Tunnel.



paxpaw0202 Sun, 01/20/2008 - 02:20

Thanks for the reply:

The N2_outbound access-list:

access-list N3_outbound extended permit ip any any

is applied to the inside interface:

access-group N3_outbound in interface inside

and permits traffic from the inside to dmz3.

There is no statement that allows traffic back into the dmz3 interface, but I thought that the VPN tunnel would bypass the ACL. Please could you advise what statements are required?


