- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Site to Site VPN tunnel is up but only passing traffic in one direction
04/22/2021 
1,294 People found this article helpful
65,065 Views
Description
In this scenario there is an active Site-to-Site VPN tunnel up on the SonicWall and the remote device but traffic will only pass in one direction, either from the SonicWall to the remote site or vice versa.
Resolution
NOTE: Capture the Traffic on the SonicWall, and if possible, the remote device.
- Start a continuous ping from a host that is part of the VPN tunnel to a remote host that is also part of the VPN tunnel and capture the traffic on the SonicWall. If the packets are marked as Consumed then they're being put into a VPN, however make sure they are being put into the correct VPN. It is possible to have overlapping VPNs for source and destination on the SonicWall, as well as network address translation policies, which could lead to incorrect routing.
- If the packets are marked as Received then the SonicWall doesn't have a route to send them over and is discarding them. The most common cause of this issue is network address translation, checking the network address translation table on the SonicWall to ensure there are no incorrect NATs is advisable.
- The expected traffic flow for local hosts going across the VPN is to see the Ingress Interface and the packet marked as Consumed. The expected flow for a packet coming to the SonicWall across the VPN is it being marked as Consumed, the forwarded, then forwarded. First the SonicWall will receive the packet from the VPN, then decrypt it which is denoted with the (hc) tag on the Packet Monitor, and finally sent onto the physical wire.
TIP: It is strongly advised to run a Packet Capture on both hosts as well as the remote VPN concentrator to get a complete picture of the traffic flow.
TIP: If you're unfamiliar with setting up a Packet Capture on the SonicWall, please reference 170505277474380
Check the Event Logs
- Access to SonicWall management GUI.
- Click Investigate in the top navigation menu.
- Logs | Event Log can alert you to issues with the VPN Tunnel. Typically this will be IKE Phase 1 and Phase 2 issues but the SonicWall can also track decryption failures, drops, and timeouts.
Setting a filter by either the remote peer public IP address, the local Private IP address, or the remote private IP address will bring up any associated drops or other issues with the traffic flow. If you aren't seeing anything, try setting the Log Monitor to default settings. Click Manage in the top navigation menu and click Log Settings | Base Setup | Import Logging Template and choosing Default.
TIP: You can also access to Log Settings | Base Settings by clicking Go to configure Log from Investigate tab | Event Logs. 
Related Articles
- How to force an update of the Security Services Signatures from the Firewall GUI
- How to upload security services signatures manually on Closed Environments?
- How to Create Gen 7 Settings File by Using the Online Migration Tool
Categories
- Firewalls > TZ Series > VPN
- Firewalls > NSa Series > VPN
- Firewalls > NSv Series > VPN
YES
NO