Cisco Support Community
Community Member

VPN Issue

Hello All:

I'm not sure this is even a router issue but have a problem with a site to site tunnel created on our FW.

The circuit in question is delivered by the ISP to our 3640. Router to FW via FA0/1, which is assigned our global IP 66.52.5.x

The tunnel is set up with a client through our Sonicwall and indicates that it's up with end to end connectivity. The problem is, we cannot pass traffic.

If I trace from the segment of our internal network which will use this tunnel, it hits our global IP on the 3640 router and dies (66.52.5.x).

According to Sonicwall, there should be no need to NAT on the router or do anything for that matter because the FW will handle everything through the VPN configuration.

So the million dollar question is: why does this tunnel show green, yet packets hit the router and die on the way out?

Like I said, not sure if this is even a router issue, but it appears it may be, since the FW shows the tunnel up but yet no traffic can get past the router. Any thoughts on this would be greatly appreciated.

Thanks in advance

Cisco Employee

Re: VPN Issue


The Sonicwall "green" light about the tunnel status should be taken with a grain of salt, as it requires an additional keepalive or a similar mechanism to reliably determine if the tunnel is really workable.

You have written that if you traceroute the path through the tunnel, the last hop is the 3620 router. After that, no answers are received. Following from that, I see three most common possibilities:

1.) The tunnel is not working

2.) The routing on the 3620 is not set up properly so the packets do not enter the tunnel

3.) The other endpoint of the tunnel receives your packets but does not know where to send the replies (again, a routing issue - on the opposite end of the tunnel)

I suggest eliminating these three possibilities before proceeding further.

Best regards,

