VPN not passing traffic

Unanswered Question
Sep 17th, 2009

We have a VPN IPsec tunnel set up between two locations. The customer initiates the connection and it appears to get connected:

ipconfig shows the correct host/gateway IP addresses, but no traffic is being passed through.

redalek Fri, 09/18/2009 - 02:24

Here is the deal: I'm in charge of supporting the corporate network. This particular VPN is set up on a few desktops which are on my corp LAN. I don't have access to view or troubleshoot this VPN connection. The group that is in charge of the VPN is stating it's a corporate LAN issue. The desktop, when it is not on the VPN, communicates fine over the corporate network.

My question: crypto ACL. Is it on concentrator? If you could please provide more info. Really appreciated!

Alexandro Carra... Mon, 09/21/2009 - 13:40

Hi, I understand that it is a LAN-to-LAN VPN IPsec tunnel.

I understand you don't have access to view or troubleshoot ... this will be kind of hard, however if you can answer these questions, we'll get more background to solve this.

What IPsec/ISAKMP settings do both peers have? Can you get a copy of the config of both ends? It is very likely that it is an issue with proxy IDs; however, you can also check PFS if it is enabled on your 2 VPN peers. If it is, make sure you have the same group on both. What about NAT? Are you avoiding NAT to the remote end of the tunnel if it is implemented?

When unable to communicate, clear crypto ipsec sa counters on both ends, try to send traffic and check the packets received and transmitted. If the issue is internal routing on the remote end, the local end will see packets Tx but not Rx.

To answer your question... the crypto ACL is the match address xxxx on your IPsec config, and this is on your IPsec peer.

What devices do you have for VPN? ASA? Routers? 3000?
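The counter check described in the reply above, as an added example that is not part of the original thread: it reads the encaps/decaps counters from `show crypto ipsec sa` style output, captured after clearing the counters and sending test traffic, and classifies each SA. The sample output, the addresses and the names `parse_sas`, `diagnose` and `HINTS` are constructed for illustration; the Rx-only and idle cases generalize beyond the Tx-only case named in the reply.

```python
import re

# Constructed sample modelled on the counter lines of `show crypto ipsec sa`;
# addresses are documentation ranges, not values from the thread.
SAMPLE = """\
local  ident (addr/mask/prot/port): (192.0.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (198.51.100.0/255.255.255.128/0/0)
current_peer: 203.0.113.10
  #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
local  ident (addr/mask/prot/port): (192.0.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (198.51.100.128/255.255.255.128/0/0)
current_peer: 203.0.113.20
  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
  #pkts decaps: 17, #pkts decrypt: 17, #pkts verify: 17
"""
FIELDS = {
    "remote": re.compile(r"remote\s+ident.*?:\s*\(([^)]*)\)"),
    "peer": re.compile(r"current_peer:?\s+(\S+)"),
    "encaps": re.compile(r"#pkts encaps:\s*(\d+)"),
    "decaps": re.compile(r"#pkts decaps:\s*(\d+)"),
}
HINTS = {  # wording of the hints is this example's, not the thread's
    "OK": "both counters rise: the tunnel passes traffic in both directions",
    "TX_ONLY": "Tx but no Rx: suspect internal routing on the remote end",
    "RX_ONLY": "Rx but no Tx: mirror case, suspect the local end",
    "IDLE": "no packets counted: the test traffic never reached the tunnel",
}

def parse_sas(text):
    """Return one dict per SA; a new SA starts at each 'local ident' line."""
    sas = []
    for line in text.splitlines():
        if re.search(r"local\s+ident", line):
            sas.append({})
        for name, rx in FIELDS.items():
            m = rx.search(line)
            if m and sas:
                sas[-1][name] = int(m.group(1)) if name.endswith("caps") else m.group(1)
    return sas

def diagnose(sa):
    """Classify an SA from counters read after clearing them and sending traffic."""
    tx, rx = sa.get("encaps", 0), sa.get("decaps", 0)
    return "OK" if tx and rx else "TX_ONLY" if tx else "RX_ONLY" if rx else "IDLE"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa.get("peer"), sa.get("remote"), HINTS[diagnose(sa)])
```

Comparing the result from both peers narrows the fault further: Tx-only on one end paired with Rx-only on the other means packets cross the tunnel one way and the return path is what fails.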


redalek Mon, 09/21/2009 - 13:50


Thank you very much for your tips!

From what I understand, they (the group that supports this VPN) uninstalled and reinstalled the VPN client software and traffic started to flow between the 2 endpoints.

Alexandro Carra... Mon, 09/21/2009 - 13:57

Good to hear! I thought it was an L2L tunnel. If this is a VPN client, next time you can take a look at the logs on the VPN client: just enable logs, set them all on level 3, connect and try to pass traffic. Then check the statistics of the VPN client and check the packets received and transmitted to give you an idea of where the problem may be :) Have a good one!

