Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
2
Replies

Tunnel is up but no traffic

D@1984
Level 1
Level 1

‎08-14-2023 04:28 PM

I have configured a tunnel and doing 'show crypto ikev2 sa' and 'show crypto ipsec sa', I can see that there is no issue. by doing pings, 'show access-list' verifying the hits, and doing 'show crypto ipsec sa', I can see the encrypted packets increasing, however I have 0 decaps!

I assume that the other end might not responding, but how can I prove that the traffic actually passing through the tunnel? Is there any command I can use? perhaps packet capture or debug(I have an ISR router)?

 

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎08-14-2023 05:54 PM

Hi D@1984 

 You can prove it by showing the encaps. If you have encaps packets means the traffic is leaving you router/firewall and it is not returning as you have no decaps.

 Ask the other side to verify the access-list.

0 Helpful

Kamal Malhotra
Cisco Employee
Cisco Employee

‎08-16-2023 07:47 AM

Encaps in the 'show crypto ipse sa' and ESP packets in the outbound captures on the WAN interface should be enough evidence. You can also recommend them to check for decals on their device and also for inbound packet captures on the WAN interface of the peer device.

0 Helpful
Customers Also Viewed These Support Documents