Troubleshoot VPN is up but no traffic

When the VPN shows online, but you cannot access the host on the remote network, here's are some troubleshooting tips.

1. If the remote PC allows ping?

First, ping requests might be blocked by the PC's firewall by default, and that might be the reason why we couldn't get ping replies. Try some other hosts on the remote network or change the PC's firewall settings.

2. Check the Routing Table to see if the Routings are created correctly

You can see the router's routing table at Diagnostics > Routing Table. In the routing table of, we need to have the route to the remote LAN network via interface VPN.

If there's no correct routing to the remote network, please check the TCP/IP Network Settings in the VPN profile.

3. Is the router the default gateway of the PC?

If a PC has more than one network interface, the traffic might be sent to the interface not connecting to the router, and therefore will not go through the VPN and reach the remote network. To verify if the traffic is sending to the right interface, we may use command “tracert” to see if the first hop is the IP of the router. If it's not, you will need to add a route on the PC manually.

4. If the router has Firewall Policies that block the access?

Check both the VPN peer routers' firewall settings and see if there's something that may block the traffic from or to the remote network. We may also disable Data Filter on both routers for a try.

5. If the router has Route Policies that might send the traffic to another Interface?

Check Route Policies and Static Routes on both VPN peers and see if the router might send the traffic to another interface rather than the VPN. We may also disable Route Oolicy for a try.

6. If the IP settings of both Network are the same?

Please note that if the IP of Local Network and Remote VPN Network are the same, we should translate them before establishing a VPN, or it will cause a routing conflict. (See the article here for detailed instructions.)

7. We're using IPsec AH but the router is behind NAT?

Please note that IPsec with AH cannot pass through NAT, so if any of the routers is behind NAT, it is necessary to create the IPsec tunnel with ESP instead.