VPN Problem - Monitor Traffic

paxpaw0202
Level 1

I have a problem with a site-to-site VPN tunnel.

I have set up a tunnel from a remote site (138.3.0.0/16) to my site (10.212.0.0/16, 10.147.108.0/24). The remote site can initiate Phase 2 but does not get a ping response.

Phase 2 is not even attempted when the local site pings a server on the remote site. Please could someone help resolve the problem or advise how I can troubleshoot the connection? How can I monitor traffic in the VPN tunnel?

Config attached

2 Replies

ajagadee
Cisco Employee

You have access-lists applied on the inside and dmz interfaces, and I do not see configuration permitting traffic from 10.212.0.0/16 and 10.147.108.0/24 going to 138.3.0.0/16.

Please configure the permit statements and then test the IPSEC Tunnel.

Regards,

Arul

Thanks for the reply:

The N2_outbound access-list:

access-list N3_outbound extended permit ip any any

is applied to the inside interface:

access-group N3_outbound in interface inside

and permits traffic from the inside to dmz3.

There is no statement that allows 138.3.0.0/16 back into the dmz3 interface, but I thought that the VPN tunnel would bypass the ACL. Please could you advise what statements are required?

Thanks
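Added example, not from either poster: a minimal site-to-site configuration and the commands used to see whether traffic is actually entering the tunnel. It assumes an ASA-style firewall (the thread never names the platform, but the `access-list ... extended` / `access-group ... in interface` syntax is ASA). The subnets are the ones quoted in the thread; the ACL, map, transform-set and capture names, the peer address 203.0.113.1 and the host addresses in the packet-tracer line are placeholders. ISAKMP policy and tunnel-group/pre-shared-key lines are omitted. Two points the example illustrates: a local ping only triggers Phase 2 if it matches the crypto ACL (after NAT), and decrypted traffic from the remote site enters the firewall on the outside interface, so with `sysopt connection permit-vpn` enabled (the default) it bypasses interface ACLs and no permit on the dmz3 ACL is needed.

```text
! --- Added example config (assumed ASA syntax, names are placeholders) ---

! 1. Interesting traffic: BOTH local subnets to the remote subnet.
!    A ping from inside that does not match this ACL never starts Phase 2.
access-list VPN_TO_REMOTE extended permit ip 10.212.0.0 255.255.0.0 138.3.0.0 255.255.0.0
access-list VPN_TO_REMOTE extended permit ip 10.147.108.0 255.255.255.0 138.3.0.0 255.255.0.0

! 2. NAT exemption, so the packet keeps its private source address when the
!    crypto map is evaluated (pre-8.3 syntax; 8.3+ uses "nat ... source static ...").
access-list NO_NAT extended permit ip 10.212.0.0 255.255.0.0 138.3.0.0 255.255.0.0
access-list NO_NAT extended permit ip 10.147.108.0 255.255.255.0 138.3.0.0 255.255.0.0
nat (inside) 0 access-list NO_NAT

! 3. Phase 2 proposal and crypto map bound to the ACL and the remote peer.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_REMOTE
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! 4. Decrypted traffic arrives on the OUTSIDE interface, not on dmz3.
!    With this (default) setting it bypasses interface ACLs entirely:
sysopt connection permit-vpn
!    If that is disabled ("no sysopt connection permit-vpn"), the permits belong
!    on the outside interface's inbound ACL, e.g.:
access-list OUTSIDE_IN extended permit ip 138.3.0.0 255.255.0.0 10.147.108.0 255.255.255.0
access-list OUTSIDE_IN extended permit ip 138.3.0.0 255.255.0.0 10.212.0.0 255.255.0.0
access-group OUTSIDE_IN in interface outside

! --- Monitoring the tunnel (exec commands) ---

! Phase 1 state: MM_ACTIVE means ISAKMP is up.
show crypto isakmp sa

! Phase 2 state per peer: "#pkts encaps" / "#pkts decaps" should both increase
! while a ping runs. Encaps rising with decaps at 0 means the remote side is
! not returning traffic (or its reply does not match its own crypto ACL).
show crypto ipsec sa peer 203.0.113.1

! Simulate the local ping and see which ACL, NAT rule and crypto-map entry it
! hits; a "VPN ... DROP" or a missing VPN phase shows it is not being encrypted.
packet-tracer input inside icmp 10.212.0.10 8 0 138.3.0.10 detailed

! Confirm ESP actually leaves and arrives on the outside interface.
capture VPNCAP interface outside match esp any any
show capture VPNCAP
no capture VPNCAP
```

Usage note: run `show crypto ipsec sa` before and after a ping from each side and compare the counters; run `packet-tracer` with a real inside host as the source, since a ping sourced from the firewall itself is not matched against the crypto ACL the same way.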
