L2L Tunnel allows traffic one way, but not the other.

Unanswered Question
Feb 23rd, 2010
I have 2 L2L tunnels set up with two outside contractors. I am using a 3005 device and the tunnels are up and active. Each contractor is able to pass traffic to my local network (ping devices on our private IP) however I am not able to get to their local networks. If I trace from our internal network to an IP on the contractor's side, the packets hit our concentrator and then take the default route out to the external interface of the VPNC and stop. It was my understanding that once a tunnel is up, the VPNC should know where to route traffic destined for that tunnel. However this is not the case. I'm not sure what I'm doing wrong.

Federico Coto F... Thu, 02/25/2010 - 08:34

You need to make sure that you have the interesting traffic defined correctly on your end (the VPN Concentrator), as a mirror image of the VPN traffic defined on the contractor's side.

Also, make sure there is a route on the Concentrator pointing the remote network to the next hop for the VPN tunnel path.

If you're doing a traceroute from your side and the traffic is reaching the VPN but being sent out to the Internet, it means it's not triggering the tunnel, so check the suggestions above.


benrad Thu, 02/25/2010 - 11:37

It turns out it was a NATting issue with our Checkpoint firewall. The tunnel was rejecting the traffic because it didn't recognize the IP.
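The two replies above describe three things to check: that the interesting traffic on the Concentrator mirrors the contractor's definition, that a route carries the remote network toward the interface the tunnel egresses on, and (the actual cause in this thread) that nothing rewrites the source address before the packet is matched against the tunnel. The following is an added example, not code from the thread or from Cisco: a small Python model of the forwarding decision that shows how each of those failures produces the symptom reported (traffic reaches the Concentrator, then leaves by the default route). All networks, interface names and the hide-NAT rule are constructed; the assumption that the NAT rewrite happens before the crypto match is a modelling choice, since the thread does not say where the firewall's NAT sat.

```python
"""Model of how a LAN-to-LAN packet is (or is not) steered into a VPN tunnel.

Added example, not code from the thread. It models the three checks in the
thread: interesting traffic mirrored on both sides, a route that carries the
remote network out the tunnel's egress interface, and NAT applied before the
crypto match. Every network, interface name and NAT rule below is constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed topology (RFC 1918 / RFC 5737 ranges, not the poster's real ones)
LOCAL_LAN = ip_network("10.1.0.0/16")           # our private network
CONTRACTOR_LAN = ip_network("192.168.50.0/24")  # contractor's private network
VPNC_PUBLIC_IP = ip_address("203.0.113.10")     # our concentrator's outside address

# "Interesting traffic": (source network, destination network) pairs that
# should be encrypted. The remote end must hold the mirror image.
LOCAL_INTERESTING = [(LOCAL_LAN, CONTRACTOR_LAN)]
CONTRACTOR_INTERESTING_OK = [(CONTRACTOR_LAN, LOCAL_LAN)]
# Broken mirror: the contractor only listed one /24 of our /16.
CONTRACTOR_INTERESTING_BAD = [(CONTRACTOR_LAN, ip_network("10.1.5.0/24"))]

# Route table: (prefix, egress interface). Longest prefix wins.
ROUTES_OK = [
    (ip_network("0.0.0.0/0"), "public"),
    (LOCAL_LAN, "private"),
]
# Misrouted: a stale summary route sends the contractor's range back inside.
ROUTES_BAD = ROUTES_OK + [(ip_network("192.168.0.0/16"), "private")]


def is_mirror(local, remote):
    """True when each (src, dst) pair on one side is (dst, src) on the other."""
    return {(s, d) for s, d in local} == {(d, s) for s, d in remote}


def egress_interface(routes, dst):
    """Longest-prefix-match route lookup; returns the egress interface name."""
    matches = [(net, iface) for net, iface in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(src, dst, interesting, routes, nat=None):
    """Simplified forwarding decision for a packet arriving from the inside.

    1. An optional NAT step rewrites the source (the failure mode in the thread).
    2. Routing picks the egress interface; the tunnel lives on "public".
    3. On "public", traffic matching an interesting pair is encrypted; the
       rest follows the default route in the clear and dies on the Internet.
    Returns "tunnel", "internet", or the name of a non-public interface.
    """
    if nat is not None:
        src = nat(src)
    iface = egress_interface(routes, dst)
    if iface != "public":
        return iface            # never reaches the interface the tunnel uses
    for src_net, dst_net in interesting:
        if src in src_net and dst in dst_net:
            return "tunnel"
    return "internet"


def hide_nat(src):
    """Constructed hide (overload) NAT: every inside source becomes the public IP."""
    return VPNC_PUBLIC_IP if src in LOCAL_LAN else src


def diagnose(src, dst, local_interesting, contractor_interesting, routes, nat=None):
    """Return (forwarding result, findings) in the order the thread suggests checking."""
    findings = []
    if not is_mirror(local_interesting, contractor_interesting):
        findings.append("interesting traffic is not mirrored on both ends")
    if egress_interface(routes, dst) != "public":
        findings.append("route for remote network does not point out the tunnel interface")
    result = forward(src, dst, local_interesting, routes, nat)
    if result == "internet":
        findings.append("packet reaches the public side but does not trigger the tunnel"
                        + (" (source was NATed before the crypto match)" if nat else ""))
    return result, findings


if __name__ == "__main__":
    host, peer = ip_address("10.1.20.7"), ip_address("192.168.50.5")
    print(diagnose(host, peer, LOCAL_INTERESTING, CONTRACTOR_INTERESTING_OK, ROUTES_OK))
    print(diagnose(host, peer, LOCAL_INTERESTING, CONTRACTOR_INTERESTING_OK, ROUTES_OK, hide_nat))
    print(diagnose(host, peer, LOCAL_INTERESTING, CONTRACTOR_INTERESTING_BAD, ROUTES_BAD))
```

The second call reproduces the thread's outcome: the route is fine and the interesting traffic is mirrored, but because the source is rewritten to the public address before the match, the packet no longer falls inside any interesting pair and is forwarded in the clear toward the Internet, exactly where the poster's traceroute stopped. The asymmetry in the original question (contractors can reach in, we cannot reach out) is consistent with that, since inbound packets are matched on the contractor's untranslated source and only our outbound source is rewritten.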