IPSEC Tunnel up but no traffic passes



  • I need to establish a VPN tunnel to a customer using a Cisco SA540.  We get a phase 1 connection, there are no errors in either log, yet no traffic will pass.  Neither end receives ping responses.
    We tried connecting to networks (192.168.0.0 - with subnet masks 24 and 18), and we tried connecting to specific addresses (192.168.2.158 to 192.168.103.40), all with the same results: Phase 1 connects and we have a tunnel, but we can't send/receive anything across it.

    We are sure the settings are the same on both ends: AES-128, SHA-1, PFS=2, Lifetime=3600.
    Cisco told the customer they believed the problem "could have something to do with their EarthLink modem setup".
    They have an MPLS system - they have 2 T1s: one T1 connects to the ISP EarthLink and another to her Cisco SA.  The Cisco connects to the LAN and the EarthLink connects to her LAN.  She said this gives all her facilities access to each other on the MPLS system.

    I ran racoon in debug mode but saw no errors there either.
    Can you make any suggestions?  I'm thinking my best solution may be to install OpenVPN clients on the customer endpoints and forget the tunnel, Cisco, and MPLS!

    Thanks!

