IBM Cloud Docs
Why can't traffic get through my active connection?

For application traffic to flow through a connection, the right configurations must be in place, including ACLs configured on both sides.

Your connection is active, but traffic is not getting through.

An interoperability issue might exist.

Follow these steps to resolve this issue:

  1. Make sure that NAT-Traversal is enabled on the peer, if it's a configurable option.
  2. Make sure that ACLs are configured properly on both sides to allow application traffic.
  3. If you're using a policy-based mode VPN with a static, route-based VPN peer and multiple CIDR subnets on either side, create multiple connections with one CIDR subnet pair per connection.
  4. If you're using a Cisco Adaptive Security Appliance (ASA) as the peer of VPN for VPC with multiple CIDRs and subnets that are configured on the Cisco side, try moving different subnets to separate connections.
  5. If you're using a route-based VPN on either side, configure the routes on each side properly so that traffic is routed to the VPN gateway correctly.
  6. If you're using a route-based VPN and the 2 tunnels are up for your VPN for VPC connection, make sure that the distribute_traffic connection property is set to false if the on-premises side doesn't support asymmetric routing. For more information, see the Distributing traffic for a route-based VPN use case.
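
The split that steps 3 and 4 call for can be planned before any connection is created. The following Python sketch is an added example, not IBM code: it expands a multi-CIDR configuration into one connection per CIDR subnet pair and rejects ranges that could not be routed unambiguously. The function names, the `conn` name prefix, the output keys, and the sample ranges are all assumptions made for illustration.

```python
import ipaddress
from itertools import combinations, product


def parse_side(cidrs, side):
    """Validate one side's CIDR list: no host bits, no duplicates, no overlaps."""
    # strict=True raises ValueError for input such as 10.0.0.1/24 (host bits set).
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            raise ValueError(f"{side} CIDRs {a} and {b} overlap; merge or remove one")
    return nets


def plan_connections(local_cidrs, peer_cidrs, prefix="conn"):
    """Return one connection spec per (local CIDR, peer CIDR) pair."""
    local = parse_side(local_cidrs, "local")
    peer = parse_side(peer_cidrs, "peer")
    plan = []
    for i, (loc, rem) in enumerate(product(local, peer), start=1):
        # An address that sits in both ranges cannot be steered into the tunnel.
        if loc.overlaps(rem):
            raise ValueError(f"local {loc} overlaps peer {rem}")
        # Hypothetical output keys, not fields of any IBM API.
        plan.append({"name": f"{prefix}-{i}", "local_cidr": str(loc), "peer_cidr": str(rem)})
    return plan


if __name__ == "__main__":
    # Constructed sample ranges: two subnets on each side give four connections.
    for spec in plan_connections(["10.240.0.0/24", "10.240.1.0/24"],
                                 ["192.168.10.0/24", "192.168.20.0/24"]):
        print(spec)
```

Each entry in the returned plan corresponds to one connection to create, and the ACLs from step 2 need to allow the same subnet pair.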