Re: VPN tunnel using LTE modem

Thanks, the SSG140 has the peer gateway setup as dynamic with Peer ID, attached.

And i initiate traffic from remote site and tunnel seems to come up but neither end Receives traffic? The routes exists but the tunnel never shows as Up and never passes traffic

Remote LTE-> get sa id 1
index 0, name Colo_VPN, peer gateway ip 1x.x.x.x. vsys<Root>
auto key. tunnel if binding node, tunnel mode, policy id in:<-1> out:<-1> vpngrp:<-1>. sa_list_nxt:<-1>.
tunnel id 1, peer id 0, NSRP Local. site-to-site. Local interface is ethernet0/0 <10.129.215.93>.
esp, group 2, 3des encryption, sha1 authentication
autokey, IN active, OUT active
monitor<1>, latency: -1, availability: 0
DF bit: clear
app_sa_flags: 0x24000e7
proxy id: local 172.16.142.0/255.255.255.0, remote 172.16.10.0/255.255.255.0, proto 0, port 0/0
ike activity timestamp: 67401437
DSCP-mark : disabled
nat-traversal map not available
incoming: SPI d5310d7a, flag 00004000, tunnel info 40000001, pipeline
life 3600 sec, 907 remain, 0 kb, 0 bytes remain
anti-replay on, last 0x0, window 0x0, idle timeout value <0>, idled 2693 seconds
next pak sequence number: 0x0
bytes/paks:0/0; sw bytes/paks:0/0
outgoing: SPI ff8815a9, flag 00000000, tunnel info 40000001, pipeline
life 3600 sec, 907 remain, 0 kb, 0 bytes remain
anti-replay on, last 0x0, window 0x0, idle timeout value <0>, idled 4 seconds
next pak sequence number: 0x111
bytes/paks:319118/6997; sw bytes/paks:319118/6997

SSG140-> get sa id 43
index 12, name LTE_VPN, peer gateway ip 166.170.221.15. vsys<Root>
auto key. tunnel if binding node, tunnel mode, policy id in:<-1> out:<-1> vpngrp:<-1>. sa_list_nxt:<-1>.
tunnel id 43, peer id 13, NSRP Local. site-to-site. Local interface is bgroup0/0 <1x.x.x.x.>.
esp, group 2, 3des encryption, sha1 authentication
autokey, IN active, OUT active
monitor<0>, latency: 0, availability: 0
DF bit: clear
app_sa_flags: 0x2400067
proxy id: local 172.16.10.0/255.255.255.0, remote 172.16.142.0/255.255.255.0, proto 0, port 0/0
ike activity timestamp: 32918843
DSCP-mark : disabled
nat-traversal map not available
incoming: SPI ff8815a9, flag 00004000, tunnel info 4000002b, pipeline
life 3600 sec, 365 remain, 0 kb, 0 bytes remain
anti-replay on, last 0x0, window 0x0, idle timeout value <0>, idled 3235 seconds
next pak sequence number: 0x0
bytes/paks:0/0; sw bytes/paks:0/0
outgoing: SPI d5310d7a, flag 00000000, tunnel info 4000002b, pipeline
life 3600 sec, 365 remain, 0 kb, 0 bytes remain
anti-replay on, last 0x0, window 0x0, idle timeout value <0>, idled 5 seconds
next pak sequence number: 0x5
bytes/paks:354/5; sw bytes/paks:354/5