This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
LM-Rafael
Collaborator
Monday
In response to the_rock

Hi Andy,

Thanks for your support. I have researched the issue, and now the tunnel is up again, but no traffic is routing through it.

Issues I have found and fixed:

  • ICMP to the WAN IP was not allowed → FritzBox log showed a timeout → This is now fixed.
  • Backup and primary WAN → Set the default gateway to the VPN WAN → OK.

However, I don't understand why the tunnel is up, but no traffic is going through it.

Here is the output of the command: vpn tu

[Expert@LMENFW01:0]# vpn tu

********** Select Option **********

(1) List all IKE SAs
(2) * List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) * List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users

* To list data for a specific CoreXL instance, append "-i <instance number>" to your selection.

(Q) Quit

*******************************************

1

Peer 212.117.93.31 , Office_VPN_GW SAs:

IKE SA <66551d2d7a4f33fd,b76ce610f7d24c5f>

IKE SA <919933155d887ea6,f74a584a613eace3>

 

Hit <Enter> key to continue ...

********** Select Option **********

(1) List all IKE SAs
(2) * List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) * List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users

* To list data for a specific CoreXL instance, append "-i <instance number>" to your selection.

(Q) Quit

*******************************************

2

SAs of all instances:

Peer 212.117.93.31 , Office_VPN_GW SAs:

IKE SA <66551d2d7a4f33fd,b76ce610f7d24c5f>
INBOUND:
1. 0xc2c3f2ef (i: 2)
OUTBOUND:
1. 0x952272db (i: 2)

IKE SA <919933155d887ea6,f74a584a613eace3>
INBOUND:
1. 0xbe531669 (i: 2)
OUTBOUND:

 

Any ideas?

Thanks

Rafael

(1)
Who rated this post