?
Solved

Troubleshooting a Cisco Router VPN tunnel

Posted on 2004-08-12
2
Medium Priority
?
485 Views
Last Modified: 2010-04-17
I'm having a challenge troubleshooting a 1 way VPN tunnel terminating at my Cisco 3620 router and customers Checkpoint Firewall. After debugging the crypto I know the tunnel is built and I can successfully send ICMP traffic into their internal network, however TCP traffic doesn’t flow. The customer indicates he doesn’t see TCP traffic hitting his Firewall. I have 2 other VPN connections built in a similar configuration and they work fine TCP and ICMP. I've run out of ideas.
0
Comment
Question by:ubergenius
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
td_miles earned 300 total points
ID: 11789171
Assuming that you have an access-list to define interesting traffic to be encrypted, enable logging of the ACL, then see if the traffic you are attempting to send is matching the acl (and hence being encrypted on your ends).

Also ensure that the ACL's that you are using match identically on both ends.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 15651278
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

RECOMMENDATION: Delete - No Refund

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

donjohnston
EE Cleanup Volunteer
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question