TUNNEL UP BUT NO TRAFFIC PASSING THROUGH

Unanswered Question
Nov 6th, 2008

Hello, we have a customer that has been working with us like 1 month with no problem. We did a connection between a FortiGate firewall and a Cisco 2811. Now the tunnel is up but no traffic is going and coming through it. I did remake the whole configuration for this customer: key, crypto map and access-list. The tunnel comes up but again, no traffic is coming or going.


Any hints?


Thanks.

ajagadee Thu, 11/06/2008 - 04:55

Hi,

Below is an excellent document on Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions.


http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml


If this doc does not help, do post your configuration along with the Src and Dest IP Addresses that you are trying to ping across the tunnel.


Regards,

Arul


*Pls rate if it helps*

Richard Burts Thu, 11/06/2008 - 10:04

Xavier


The first thing that I would look at would be the access lists that define interesting traffic for encryption. Probably the most common cause of no traffic going over the tunnel is an incorrectly configured or mismatched access list.


If the tunnel comes up, that would indicate that the peering, authentication, and IPSec policies match.


I find that the output of show crypto map can be helpful in resolving issues like this.


HTH


Rick

msantiveri Tue, 12/02/2008 - 09:39

Take a look at the subnet masks of the ACL that defines interesting traffic on both sides.
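
One way to run the check suggested in the replies above, as an added example that is not part of any post in this thread: it converts the wildcard masks of an IOS crypto ACL to subnets and verifies that each entry has an exact mirror in the peer's selectors. The ACL lines, the peer selectors (written as plain address/netmask pairs, not FortiGate CLI) and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample: crypto ACL entries as they would appear on the IOS side.
IOS_ACL = """\
permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
permit ip 192.168.11.0 0.0.0.255 10.30.5.0 0.0.0.255
permit ip host 192.168.12.5 10.40.0.0 0.0.0.255
"""
# Constructed sample: peer-side selectors as (local, remote) address/netmask pairs.
PEER = [
    ("10.20.0.0/255.255.0.0", "192.168.10.0/255.255.255.0"),  # exact mirror
    ("10.30.5.0/255.255.255.0", "192.168.11.0/255.255.0.0"),  # wrong remote mask
]

def ios_net(tokens):
    """Consume one address spec from an IOS ACL token list; return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS ACLs use wildcard (inverse) masks: flip the bits to get a netmask.
    # A non-contiguous wildcard raises ValueError here.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)

def parse_ios_acl(text):
    """Return [(src, dst)] for each 'permit ip' entry of a crypto ACL."""
    pairs = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["permit", "ip"]:
            rest = tokens[2:]
            pairs.append((ios_net(rest), ios_net(rest)))
    return pairs

def check_mirror(ios_pairs, peer_selectors):
    """Each IOS (src, dst) must appear on the peer as (local=dst, remote=src)."""
    net = lambda s: ipaddress.ip_network(s, strict=False)
    peer = [(net(local), net(remote)) for local, remote in peer_selectors]
    problems = []
    for src, dst in ios_pairs:
        if (dst, src) not in peer:
            near = [p for p in peer if p[0].overlaps(dst) and p[1].overlaps(src)]
            kind = "mask mismatch" if near else "no mirror entry"
            problems.append((str(src), str(dst), kind))
    return problems

if __name__ == "__main__":
    print(check_mirror(parse_ios_acl(IOS_ACL), PEER))
```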


