Cisco Support Community

New Member

VPN not passing traffic

We have a VPN IPsec tunnel set up between two locations. The customer initiates the connection and it appears to get connected:

ipconfig shows the correct host/gateway IP addresses, but no traffic is being passed through.

5 REPLIES
New Member

Re: VPN not passing traffic

Check your crypto ACL

New Member

Re: VPN not passing traffic

Here is the deal: I'm in charge of supporting the corporate network. This particular VPN is set up on a few desktops which are on my corp LAN. I don't have access to view or troubleshoot this VPN connection. The group in charge of the VPN is stating it's a corporate LAN issue. The desktop, when not on the VPN, communicates fine over the corporate network.

My question: crypto ACL. Is it on the concentrator? If you could please provide more info, it would be really appreciated!

Cisco Employee

Re: VPN not passing traffic

Hi, I understand that it is a LAN-to-LAN IPsec VPN tunnel.

I understand you don't have access to view or troubleshoot... This will be kind of hard; however, if you can answer these questions, we'll get more background to solve this.

What IPsec/ISAKMP settings do both peers have? Can you get a copy of the config of both ends? It is very likely that it is an issue with proxy IDs; however, you can also check whether PFS is enabled on your 2 VPN peers. If it is, make sure you have the same group on both. What about NAT? Are you avoiding NAT to the remote end of the tunnel if it is implemented?

When unable to communicate, clear the crypto IPsec SA counters on both ends, try to send traffic, and check the packets received and transmitted. If the issue is internal routing on the remote end, the local end will see packets Tx but not Rx.

To answer your question: the crypto ACL is the match address xxxx on your IPsec config, and this is on your IPsec peer.

What devices do you have for VPN? ASA? Routers? 3000?

Alex.
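The counter check described in the reply above, as an added example that is not part of the original thread: it parses IOS-style `show crypto ipsec sa` text and classifies each proxy-identity pair by its encaps/decaps counters, going beyond the single Tx-without-Rx case the reply mentions. The sample output is constructed (documentation addresses), and the function names `parse_sas` and `diagnose` are hypothetical.

```python
import re

# Constructed sample in the style of `show crypto ipsec sa`, as it might look
# after clearing the counters and sending test traffic (not real device output).
SAMPLE = """\
    Crypto map tag: VPNMAP, local addr 192.0.2.1
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
    #pkts encaps: 25, #pkts encrypt: 25, #pkts digest: 25
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
   local  ident (addr/mask/prot/port): (10.1.3.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 12, #pkts decrypt: 12, #pkts verify: 12
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident\s.*:\s*\(([^)]*)\)")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per proxy-identity pair with its encaps/decaps counters."""
    sas = []
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            if m.group(1) == "local":   # a local ident line starts a new entry
                sas.append({"encaps": 0, "decaps": 0})
            if sas:
                sas[-1][m.group(1)] = m.group(2)
            continue
        for name, value in COUNT.findall(line):
            if sas:
                sas[-1][name] = int(value)
    return sas

def diagnose(sa):
    # encaps = packets this peer encrypted and sent (Tx); decaps = received (Rx)
    tx, rx = sa["encaps"], sa["decaps"]
    if tx and rx:
        return "ok: traffic is encrypted and decrypted in both directions"
    if tx:
        return "tx-only: sent but nothing came back; check remote-end routing/NAT"
    if rx:
        return "rx-only: replies are not encrypted here; check local ACL/NAT/routing"
    return "idle: no traffic matched this SA; check crypto ACL and test source"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa.get("local"), "->", sa.get("remote"), "|", diagnose(sa))
```

Running the same check on the output from both peers shows which direction stops, which helps settle a "LAN versus VPN" dispute with counters rather than opinion.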

New Member

Re: VPN not passing traffic

Alex,

Thank you very much for your tips!

From what I understand, they (the group that supports this VPN) uninstalled and reinstalled the VPN client software and traffic started to flow between the 2 endpoints.

Cisco Employee

Re: VPN not passing traffic

Good to hear! I thought it was an L2L tunnel. If this is a VPN client, next time you can take a look at the logs on the VPN client: just enable logs, set them all to level 3, connect and try to pass traffic. Then check the statistics of the VPN client and check the packets received and transmitted to give you an idea of where the problem may be :) Have a good one!
