Re: L2L Tunnel allows traffic one way, but not the other.

benrad · ‎02-23-2010

I have 2 L2L tunnels set up with two outside contractors. I am using a 3005 device and the tunnels are up and active. Each contractor is able to pass traffic to my local network (ping devices on our private IP) however I am not able to get to their local networks. If I trace from our internal network to an IP on the contractor's side, the packets hit our concentrator and then take the default route out to the external interface of the VPNC and stop. It was my understanding that once a tunnel is up, the VPNC should know where to route traffic destined for that tunnel. However this is not the case. I'm not sure what I'm doing wrong.

Federico Coto Fajardo · ‎02-25-2010

Hi,

Need to make sure that you have the interesting traffic defined correctly on your end (VPN Concentrator). Mirror of the VPN traffic on the contractor's side.

Also, that there's a route pointing to the remote network to the next-hop for the VPN tunnel path on the Concentrator as well.

If you're doing a traceroute from your side, and the traffic is reaching the VPN, but being sent out to the Internet, it means its not triggering the tunnel, so check the suggestions above.

Federico.

benrad · ‎02-25-2010

It turns out it was a NATing issue with our Checkpoint firewall. The tunnel was rejecting the traffic because it didn't recognize the ip.

Thanks,

Ben

Federico Coto Fajardo · ‎02-25-2010

Glad it is working ;-)

Federico.