Site-to-site tunnel up but only one subnet passes traffic

Minimal guidance for messy support realities.

Scenario

A site-to-site VPN reports healthy, but devices on one subnet cannot reach the far side while devices on the other subnets can.

Recommended Resolution Path

  1. Compare encryption domains (Phase 2 traffic selectors) and NAT exemption rules on both sides; each local/remote pair on one side must have its mirror image on the other.
  2. Use packet captures to confirm whether interesting traffic enters the tunnel at all.
  3. Check for asymmetric routing caused by a newly added subnet or WAN edge change.
  4. Update tunnel documentation so the missing subnet is not forgotten during the next change window.
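Step 1 in working form, as an added example that is not part of the original guidance: it flips Site B's Phase 2 selectors into Site A's orientation to find pairs that exist on only one side, then checks a single flow in both directions to show the one-way signature that a missing subnet produces. The two selector lists are constructed sample data, and the comparison is exact-match on subnets only (NAT exemption rules are a separate check).

```python
import ipaddress
from typing import Dict, List, Tuple

# One Phase 2 proxy-ID pair: (local subnet, remote subnet) as configured on that site.
Selector = Tuple[str, str]

def _norm(sel: Selector) -> Selector:
    # Canonicalise so "10.1.1.5/24" and "10.1.1.0/24" compare equal.
    return (str(ipaddress.ip_network(sel[0], strict=False)),
            str(ipaddress.ip_network(sel[1], strict=False)))

def selector_mismatches(site_a: List[Selector], site_b: List[Selector]) -> Dict[str, List[Selector]]:
    """Compare both encryption domains. Site B's pairs are flipped into Site A's
    orientation, so a consistent configuration yields two empty lists."""
    a = {_norm(s) for s in site_a}
    b_as_seen_from_a = {_norm((remote, local)) for (local, remote) in site_b}
    return {
        "only_on_a": sorted(a - b_as_seen_from_a),
        # Flip back so the report shows B's pairs the way B's config shows them.
        "only_on_b": sorted((r, l) for (l, r) in b_as_seen_from_a - a),
    }

def is_interesting(src: str, dst: str, selectors: List[Selector]) -> bool:
    """Would this site's policy steer src->dst into the tunnel? Uses containment,
    so a wider selector still matches a narrower subnet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(l, strict=False)
               and d in ipaddress.ip_network(r, strict=False)
               for (l, r) in selectors)

def flow_symmetry(src: str, dst: str, site_a: List[Selector], site_b: List[Selector]) -> Dict[str, bool]:
    """Check the request on Site A and the reply on Site B. True/False is the
    'tunnel up, one subnet dead' pattern: replies leave B unencrypted via its default route."""
    return {"a_to_b": is_interesting(src, dst, site_a),
            "b_to_a_reply": is_interesting(dst, src, site_b)}

# Constructed sample: Site A added 10.1.1.0/24, but Site B's encryption domain was never updated.
SITE_A = [("10.1.0.0/24", "192.168.50.0/24"), ("10.1.1.0/24", "192.168.50.0/24")]
SITE_B = [("192.168.50.0/24", "10.1.0.0/24")]

if __name__ == "__main__":
    print(selector_mismatches(SITE_A, SITE_B))
    print(flow_symmetry("10.1.1.10", "192.168.50.5", SITE_A, SITE_B))
```

Feed it the selector lists pulled from each peer's configuration; a non-empty "only_on_a" or "only_on_b" names the subnet to fix before moving on to captures and routing.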

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.