hello,

I have generated traffic between LAN, it continues the same without getting up

Also when I ping it from the firewall itself I don't get to the other end, I attach the screenshots:

> ping 195.64.187.247
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 195.64.187.247, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/30 ms

NAT: I have NAT configured, it worked correctly, until it suddenly stopped working, because the vpn timed out due to lack of traffic between both sites

nat (inside_2,outside) source static local_net local_net_nat

- when i run is command for firewall not responding:

> system support firewall-engine-debug

Please specify an IP protocol: icmp

Please specify a client IP address: 46.35.117.160

Please specify a server IP address: 195.64.187.247

Monitoring firewall engine debug messages

^C Caught interrupt signal exiting.

- Regarding the update, it is in its latest version

> show crypto isakmp sa

There are no IKEv1 SAs

IKEv2 SAs:

There are no IKEv2 SAs

I launch a packet-tracer to the destination lan and it stays at the next point: packet_trace_inside.txt

Thank you.

Also when I ping it from the firewall itself I don't get to the other end, I attach the screenshots:

> ping 195.64.187.247
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 195.64.187.247, timeout is 2 seconds:
!!!!!

That meaning you can ping tunnel head or not?

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside_2,outside) source static local_net local_net_nat_telrad
Additional Information:
Static translate 192.100.9.94/0 to 10.77.158.94/0
 Forward Flow based lookup yields rule:
 in  id=0x2acb229d6ea0, priority=6, domain=nat, deny=false
        hits=46443, user_data=0x2acb229d6110, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=192.100.9.0, mask=255.255.255.0, port=0, tag=any
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

This indicates the Traffic NATing with this NAT statement 

Ping from local to remote side and check hit count of this NAT.

Hi,

Yes, this corresponds to another tunnel that I have, which in this case is: Static translate 192.100.9.94/0 to 10.77.158.94/0
The one I'm having trouble with is:Static translate 192.100.9.94/0 to 10.36.7.94

6 (inside_2) to (outside) source static local_net local_net_nat_telrad
translate_hits = 46586, untranslate_hits = 0
7 (inside_2) to (outside) source static local_net local_net_nat_ingesa
translate_hits = 0, untranslate_hits = 0

You must use remote LAN instead of any in destiantion of NAT statement.

Do that and generate traffic and I think vpn will be up again 

Hi,

It seems to be working again, thank you very much for your help. So the error was in the NAT declaration, the destination LAN (remote) was not specified.

Thank you very much again

Correct'

You are so so welcome.

Have a nice day 

Great to know it is working, please mark as answered the proper reply. It will be useful for other members.