Re: TUNNEL UP BUT NO TRAFFIC PASSING THROUGH

godzilla0 · ‎11-06-2008

Hello, we have a customer that has been working with us like 1 month with no problem. We did a connection between a fortigate firewall and a Cisco 2811. Now the tunnel is up but no traffic is going and coming through it. I did remake the whole configuration for this costumer: Key, cryptomap and access-list. The tunnel comes up but again, no traffic is coming or going.

Any hints ?

Thanks.

ajagadee · ‎11-06-2008

Hi,

Below is an excellent document on Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

If this doc does not help, do post your configuration along with the Src and Dest IP Addresses that you are trying to ping across the tunnel.

Regards,

Arul

*Pls rate if it helps*

Richard Burts · ‎11-06-2008

Xavier

The first thing that I would look at would be the access lists that define interesting traffic for encryption. Probably the most common cause of no traffic going over the tunnel is an incorrectly configured, or a mismatched access list.

If the tunnel comes up that would indicate that the peering, authentication, and IPSec policies match.

I find that the output of show crypto map can be helpful in resolving issues like this.

HTH

Rick

HTH

Rick

msantiveri · ‎12-02-2008

Take a look of subnet masks of the ACL that defines interesting traffic at both sides