Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
349
Views
0
Helpful
2
Replies

VPN Problem - Monitor Traffic

paxpaw0202
Level 1
Level 1

‎01-19-2008 06:54 AM - edited ‎02-21-2020 03:29 PM

I have a problem with a site to site VPN tunnel.

I have setup a tunnel with a remote site (138.3.0.0/16) to my site (10.212.0.0/16 10.147.108.0/24). The remote site can initiate Phase 2 but does not get a ping response.

Phase 2 is not even attempted when the local site pings a server on the remote site. Please could someone help resolve the problem or advise how I can troubleshoot the connection? How can I monitor traffic in the VPN tunnel?

Config attached

Labels:
Preview file
14 KB
0 Helpful
2 Replies 2

ajagadee
Cisco Employee
Cisco Employee

‎01-19-2008 11:19 PM

You have access-lists applied on the inside and dmz interface and I do not configuration permitting traffic from 10.212.0.0/16 10.147.108.0/24 going to 138.3.0.0/16.

Please configure the permit statements and then test the IPSEC Tunnel.

Regards,

Arul

0 Helpful

paxpaw0202
Level 1
Level 1
In response to ajagadee

‎01-20-2008 02:20 AM

Thanks for the reply:

The N2_outbound access-lis:

access-list N3_outbound extended permit ip any any

is applied to the inside interface:

access-group N3_outbound in interface inside

and permits traffic from the inside to dmz3.

There is no statement that allows 138.3.0.0/16 back into the dmz3 interface, but I thought that the vpn tunnel would by-pass the ACL. Please could you advice what statements are required?

Thanks

0 Helpful
Customers Also Viewed These Support Documents