Issue
My VPN tunnel is established, but things are still not working as expected.
If you are having trouble establishing the tunnel to Acquia Cloud, see our troubleshooting tips: Tips for setting up a VPN Tunnel to your Acquia Cloud servers
Resolution
Rule out the following:
- Ports. Confirm that the required ports are open on your internal network, and that the listening port used within your internal network is set correctly.
- IP overlap. Confirm that your internal private network and the Acquia Shield VPC private network do not use overlapping IP ranges, because overlapping subnets cause routing issues over a VPN tunnel.
- Requirements for gateways. Confirm that the IPsec configuration internal to your device satisfies AWS requirements for customer gateways.
- Policy-based VPN. If your network is using a policy-based VPN, verify that you have correctly defined the source and destination networks in your encryption domain.
- Acquia's tunnel endpoints accept only a single SA proposal when you use a policy-based VPN, meaning your device can reference only one source and one destination for each tunnel.
- Route-based VPN. If you are using a route-based VPN, confirm that you have correctly configured routes to your Acquia Shield VPC.
More troubleshooting
If you have checked the above information and it is correct, yet still need assistance, please provide the following troubleshooting information in a Support ticket:
- Ping between your internal network and a server within your Acquia Shield VPC, and include the output, for example:
$ ping 52.29.81.245
PING 52.29.81.245 (52.29.81.245): 56 data bytes
64 bytes from 52.29.81.245: icmp_seq=0 ttl=39 time=174.301 ms
64 bytes from 52.29.81.245: icmp_seq=1 ttl=39 time=177.961 ms
64 bytes from 52.29.81.245: icmp_seq=2 ttl=39 time=174.609 ms
--- 52.29.81.245 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 174.301/175.624/177.961/1.658 ms
- Attempt a traceroute from your network to a server within your Acquia Shield VPC.
- Confirm that traffic is not blocked by any firewall rules with your Network Administrator. If possible, disable all firewall rules for a brief period of time to test the connection.
- The VPN policy or configuration in use on your router or firewall.
- Any network error logs with a timestamp and relevant timezone information, if not in UTC.
- Screenshots of your configuration and/or network diagrams that you think may be helpful.
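The IP overlap and policy-based VPN checks in the Resolution list above can be run before opening a ticket. The following script is an added example, not Acquia's tooling; every CIDR and tunnel name in it is a constructed placeholder, and the script assumes your encryption domain can be expressed as lists of source and destination networks per tunnel.

```python
import ipaddress

# Constructed sample values: placeholder CIDRs, not real Acquia or customer ranges.
INTERNAL_SUBNETS = ["10.0.0.0/16", "192.168.50.0/24", "172.16.8.0/22"]
ACQUIA_SHIELD_VPC_CIDR = "10.0.128.0/20"  # placeholder for your Shield VPC range

# Constructed policy-based VPN encryption domains, one entry per tunnel.
ENCRYPTION_DOMAINS = {
    "tunnel-1": {"sources": ["192.168.50.0/24"], "destinations": ["10.0.128.0/20"]},
    "tunnel-2": {"sources": ["172.16.8.0/22", "192.168.50.0/24"],
                 "destinations": ["10.0.128.0/20"]},
}


def find_overlaps(internal_subnets, vpc_cidr):
    """Return (subnet, relation) for each internal subnet that overlaps the VPC.

    CIDR blocks are aligned, so any overlap means one block contains the other;
    subnets of a different IP version are skipped.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    findings = []
    for cidr in internal_subnets:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != vpc.version or not net.overlaps(vpc):
            continue
        if net == vpc:
            relation = "identical to VPC"
        elif vpc.subnet_of(net):
            relation = "contains VPC"
        else:
            relation = "inside VPC"
        findings.append((str(net), relation))
    return findings


def find_multi_selector_tunnels(domains):
    """Return tunnel names whose encryption domain lists more than one source
    or destination; a policy-based tunnel must reference exactly one of each."""
    return sorted(name for name, dom in domains.items()
                  if len(dom["sources"]) != 1 or len(dom["destinations"]) != 1)


if __name__ == "__main__":
    for subnet, relation in find_overlaps(INTERNAL_SUBNETS, ACQUIA_SHIELD_VPC_CIDR):
        print(f"overlap: internal subnet {subnet} {relation}")
    for name in find_multi_selector_tunnels(ENCRYPTION_DOMAINS):
        print(f"{name}: encryption domain has more than one source or destination")
```

With the sample values, the script reports that 10.0.0.0/16 contains the VPC range and that tunnel-2 defines two sources, which is the single-SA-proposal problem described above.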