Why can't traffic get through my active connection?

For application traffic to flow through a connection, the right configurations must be in place, including Access Control Lists (ACLs), which define what traffic is allowed or denied.

Your connection is active, but traffic is not getting through.

An interoperability issue might exist.

Follow these steps to resolve this issue:

  1. Make sure that NAT-Traversal is enabled on the peer, if it's a configurable option. For more information, see Known issues for VPN gateways.
  2. Make sure that ACLs are configured correctly on both sides to allow application traffic. For example, ensure that traffic from your local subnet (for example, 10.0.0.0/16) to the remote subnet (for example, 192.168.0.0/16) is explicitly permitted using the required protocol and port ranges. Also, verify that no implicit deny rules exist that can block this traffic. For more information, see About network ACLs and Configuring network ACLs for use with VPN.
  3. If you use a policy-based VPN, follow these steps:
  4. If you use a route-based VPN on either side, follow these steps:
    • Configure the routes on each side so that traffic is routed correctly to the VPN gateway, and make sure that the routes don't point to a private IP address. For more information, see About routing tables and routes.
    • If both tunnels of your VPN for VPC connection are up, make sure that the distribute_traffic connection property is set to false if the on-premises side doesn't support asymmetric routing. Furthermore, you must always establish the connection to the smaller IP address. For more information, see Distributing traffic for a route-based VPN.
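The ACL check in step 2 can be rehearsed offline before touching the gateway. The following is an added example (not code from this documentation or from the VPN for VPC service) that models a stateless, first-match network ACL with an implicit deny and evaluates both legs of a flow between the example subnets; the `AclRule` shape, the rule list and the IP addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class AclRule:
    action: str            # "allow" or "deny"
    direction: str         # "inbound" or "outbound", relative to the local subnet
    protocol: str          # "tcp", "udp", "icmp" or "all"
    source: str            # CIDR the packet's source address must fall in
    destination: str       # CIDR the packet's destination address must fall in
    port_min: int = 1      # destination port range; ignored for icmp/all
    port_max: int = 65535

def rule_matches(rule: AclRule, direction: str, proto: str, src: str, dst: str, dport: int) -> bool:
    if rule.direction != direction or rule.protocol not in ("all", proto):
        return False
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule.source):
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule.destination):
        return False
    if rule.protocol in ("tcp", "udp") and not (rule.port_min <= dport <= rule.port_max):
        return False
    return True

def evaluate(rules: List[AclRule], direction: str, proto: str,
             src: str, dst: str, dport: int) -> Tuple[str, Optional[int]]:
    """First matching rule wins; no match at all is the implicit deny (index None)."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, direction, proto, src, dst, dport):
            return rule.action, index
    return "deny", None

def check_flow(rules: List[AclRule], proto: str, local_ip: str, remote_ip: str,
               app_port: int, ephemeral_port: int = 50000) -> Optional[str]:
    """Return None if the flow passes, else which leg is blocked and by what.
    The ACL is stateless, so the request (outbound) and the reply (inbound, to the
    client's ephemeral port) each need their own allow rule."""
    for leg, direction, src, dst, port in (
        ("request", "outbound", local_ip, remote_ip, app_port),
        ("reply", "inbound", remote_ip, local_ip, ephemeral_port),
    ):
        action, index = evaluate(rules, direction, proto, src, dst, port)
        if action != "allow":
            cause = "implicit deny" if index is None else f"rule {index} (deny)"
            return f"{leg} blocked by {cause}"
    return None
# Constructed sample: the outbound HTTPS allow exists, but nothing permits the reply.
BROKEN = [AclRule("allow", "outbound", "tcp", "10.0.0.0/16", "192.168.0.0/16", 443, 443)]
FIXED = BROKEN + [AclRule("allow", "inbound", "tcp", "192.168.0.0/16", "10.0.0.0/16", 1024, 65535)]
```

Running `check_flow(BROKEN, "tcp", "10.0.1.5", "192.168.3.9", 443)` reports the missing reply rule, while the same call against `FIXED` returns None; a deny rule placed ahead of the allows is reported by its index so that ordering mistakes are visible too.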