VPN Tunnel status is 'Down' in Locally Managed 600 / 1100 appliance's GUI even though the VPN tunnel is up
Symptoms
  • Tunnel Test in the appliance's Web GUI fails even when the Site-to-Site VPN is established and up between two Locally Managed 600/1100 appliances.

  • In the appliance's Web GUI - 'VPN' tab - 'Site to Site' pane - 'VPN Tunnels' - the 'Status' column shows 'Down' even though the VPN tunnel is up and traffic passes as expected over the VPN tunnel.

  • The Ping tool / Traceroute tool in the appliance's Web GUI ('Home' tab - 'Tools') fails to send pings to hosts located on both VPN Sites (behind the appliances).

  • The ping command / tracert command sends pings to hosts successfully when connected to these appliances over SSH.

Cause

At least one of these Locally Managed 600 / 1100 appliances is behind a NAT device (e.g., router).

Example Topology:

Hosts on VPN Site #1 -- [600/1100 appliance #1] -- (VPN TUNNEL) -- [NAT device] -- [600/1100 appliance #2] -- Hosts on VPN Site #2


Solution
Note: To view this solution you need to Sign In.