Question : One way traffic only after IPSec tunnel established successfully

I'm trying to get some general idea about why traffic would only flow one way through an IPSec tunnel.

Both end devices (a Billion BiPAC 7402NX and a Cybertec 2000 series 3G modem/router) report a successfully established IPSec tunnel, but when I ping any device on the Cybertec end's subnet (or even the Cybertec's LAN address), I can see the traffic going out through the Billion, but no reply coming back.

I'm guessing there's some sort of routing problem at the Cybertec end and that it's sending traffic for the other end's LAN subnet over the WAN interface rather than through the tunnel (despite being told the tunnel is responsible for traffic to the Billion's LAN subnet) - could there be any other causes?

I'll post config screens and tunnel establishment messages if necessary, but for the moment was trying to grasp generally what might be going wrong.

TIA

Sean

Answer : One way traffic only after IPSec tunnel established successfully

Are you talking about Phase 1 IDs or Phase 2 IDs (sometimes called Proxy ID)? I suppose the latter, because if Phase 1 IDs, no connection should have been established.

Using Proxy ID for routing restriction is common on low-end devices. Some business devices use the Proxy ID for further restriction (what I consider as use- and senseless), i.e. the existing firewall rules are narrowed down to the networks negotiated. That way you can provide a more restrictive Proxy ID, but not a more generous one.

I see I have been right with my assumption of firewalls being in the way. I suppose the IDs are not creating the routing entries, but the firewall rules.
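To make the Proxy ID point concrete, here is an added example (not part of the original thread, and not taken from either router's configuration) that models each end's negotiated Phase 2 selector as a local/remote subnet pair and traces a ping's request and reply legs through both. The subnets and hosts are constructed; the Cybertec side is given a deliberately narrow remote selector to show how one-way traffic arises when one end's selector is tighter than the other's.

```python
from ipaddress import ip_address, ip_network

# Constructed Phase 2 (Proxy ID) selectors: "local" is the subnet behind this
# end, "remote" is what it agrees to send through the tunnel. The Cybertec
# selector is intentionally narrower than the Billion's LAN (hypothetical values).
BILLION = {"local": "192.168.1.0/24", "remote": "192.168.10.0/24"}
CYBERTEC = {"local": "192.168.10.0/24", "remote": "192.168.1.1/32"}


def selector_allows(selector, src, dst):
    """True if a packet src -> dst fits this end's local -> remote selector."""
    return (ip_address(src) in ip_network(selector["local"])
            and ip_address(dst) in ip_network(selector["remote"]))


def trace_ping(initiator, responder, src, dst):
    """Check both legs of an echo exchange against the selectors.

    The request src -> dst must fit the initiator's selector; the reply
    dst -> src must fit the responder's selector, otherwise the responder
    drops it or routes it outside the tunnel (the one-way symptom).
    """
    return {
        "request_via_initiator": selector_allows(initiator, src, dst),
        "reply_via_responder": selector_allows(responder, dst, src),
    }


def selector_mismatches(a, b):
    """List selector pairs that are not exact mirror images of each other."""
    problems = []
    for mine, theirs in (("local", "remote"), ("remote", "local")):
        net_a, net_b = ip_network(a[mine]), ip_network(b[theirs])
        if net_a != net_b:
            problems.append(f"{mine} {net_a} on one end vs {theirs} {net_b} on the other")
    return problems


if __name__ == "__main__":
    # A LAN host behind the Billion: request goes out, reply never fits the
    # Cybertec's narrow remote selector.
    print(trace_ping(BILLION, CYBERTEC, "192.168.1.50", "192.168.10.1"))
    # The Billion's own LAN address is inside the /32, so both legs pass.
    print(trace_ping(BILLION, CYBERTEC, "192.168.1.1", "192.168.10.1"))
    for line in selector_mismatches(BILLION, CYBERTEC):
        print("mismatch:", line)
```

Comparing the two ends' selectors this way is the first thing to check before digging into routes or firewall rules, since a mismatch explains one-way traffic without either device reporting a tunnel failure.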