Tunnel Is Established but Unable To Pass Traffic

Tunnel Is Established but Unable To Pass Traffic

Even if a tunnel is established, as verified in the preceding section, traffic still might not be able to flow for several reasons. The following steps will help in troubleshooting the problem with data passing across the tunnel:

1.
Routing issues

If either or both sides of encryption or decryption counters are not incrementing with show crypto ipsec sa command output, there might be an issue with routing. Be sure that you have a route defined for the remote side private network that is pointing to the gateway of the router through the interface where the crypto map is applied. To verify that the routing is taking place properly, you might want to run debug ip packet detailed. Example 6-18 shows how to run debug ip packet detailed for traffic originating from 10.1.1.10 behind the Dhaka router going to FTP server behind the Doha router, which has an IP address of 10.1.2.10 across the tunnel.