Bytes-Out: 0(0B) Phase 2 IPSec tunnel

ioanmario99 · ‎07-29-2024

Hello,

I have an issue with Phase 2 of VPN tunnels.

Despite I checked IPs to be whitelisted and configuration to matches on both ends, I can't send traffic to the partner end.

Any advice on troubleshooting this or check the potential issue ?

MHM Cisco World · ‎07-29-2024

what is the platform you use ?

MHM

ioanmario99 · ‎07-29-2024

I use Pfsense

ccieexpert · ‎07-29-2024

the question is what are you using on the other side. a tunnel has two endpoints. what is other side of the pfsense ?

have you tried to generate traffic from pfsense side and are you seeing the outbound packet / SA traffic increase ?

MHM Cisco World · ‎07-29-2024

if one side is cisco I can help you if not sorry maybe other can help you

thanks a lot

MHM

ccieexpert · ‎07-29-2024

It is clear that packets are coming to pfsense but no packets are going out..

Please check the protected traffic (source and destination) that you define in the crypto acl is correct ? and traffic from the pfsense side is received by the pfsense correctly.. can you put some subnets on each side and show the ipsec sa etc so we can understand this better.

are you using a ASA or ios router on the other side ? please get "show crypto ipsec sa" from the cisco side.