Hi, I'm trying to establish a VPN connection to a third party, but I can not generate traffic and that is why as the in the recipient end of the VPN does not work. His only answer is that we not generates traffic through the tunnel so the connection is not completed.
My SA indicates ACTIVE with state down, and my tunnel interface appears READY.
The connection I have configured several times and no success, I checked all the points and seemingly everything is correct, in politics that I have configured TRUST to UNTRUST does appear as sent traffic (bytes sent) but ZERO bytes received.
My question is: how I can ensure that traffic is being sent through the tunnel?, all I can see are the statistics of the physical interface but not the tunnel interface. I need to know how I can find these data to ensure to the third party traffic is being sent through the tunnel because I think it is at the other end where they have mistakenly configured same ACL mask some wrong (is a CISCO router), but I can not access your configuration or see his debugs.
Using debug flow basic and with dst-ip 172.18.1.1, all I can see is the following, but I do not know whether it is sufficient to ensure that traffic is being sent through the tunnel interface:
- My lan trust is 192.168.0.1 in ethernet0/4.4 y and the client is 192.168.0.2
- My interface tunnel.1 (untrust) numbered is 172.18.2.1 with DIP 172.18.2.2 beacuse the third party need that I do NAT with this lan.
- Destination: 172.18.1.1, configured the route 172.18.1.0 to go by interface tunnel.1 (0.0.0.0 -> ethernet0/2).
The VPN is configuring for outgoing for ethernet0/2 (untrust) bind by tunnel.1, the ping is since client ethernet0/4.4 (trust) (the SA is ACTIVE and my interface tunnel is READY with phase 2 completed) to 172.18.1.1 that accept ICMP traffic.
Attached file with debugging basic flow-ip dst 172.18.1.1 if it is sufficient to show that the traffic is being sent through the tunnel. I've never seen any error, packet drop, etc..
Any ideas? greetings
#vpn#traffic#Tunnel#flow