---
title: "My VPN Tunnel is connected to Acquia Cloud, but is not working"
date: "2022-04-18T16:27:42+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/94466-my-vpn-tunnel-connected-acquia-cloud-not-working"
id: "e22e0de0-d6c2-4534-af05-902f0af80eef"
---

Issue
-----

My VPN tunnel is established, but things are still not working as expected. 

_If you are having trouble establishing the tunnel to Acquia Cloud, see our troubleshooting tips:_ [Tips for setting up a VPN Tunnel to your Acquia Cloud servers](/node/94191)

Resolution
----------

Rule out the following:

*   **SSH**. Ensure you are using the proper SSH command when connecting. It follows the pattern `[sitegroup].[env]@[web-IP-address]`.
*   **Ports**. Confirm your internal network ports are open. Confirm the listening port to be used within your internal network is set correctly. 
*   **IP overlap**. Confirm that your internal private network and Acquia Shield VPC private network IPs are not overlapping, because overlapping subnets can cause routing issues over a VPN tunnel.
*   **Requirements for gateways**. Confirm that the IPsec configuration internal to your device satisfies AWS [requirements for customer gateways](https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html#CGRequirements).
*   **Policy-based VPN**. If your network is using a policy-based VPN, verify that you have correctly defined the source and destination networks in your encryption domain.
    *   Acquia's tunnel endpoints will only accept a single SA Proposal if you are using a Policy-Based VPN, meaning your device can only reference one source and one destination for each tunnel. 
*   **Route-based VPN**. If you are using a route-based VPN, confirm that you have correctly configured routes to your Acquia Shield VPC.
*   **More troubleshooting:**
    *   AWS also provides more detailed troubleshooting docs organized by gateway device [here](https://docs.aws.amazon.com/vpn/latest/s2svpn/Troubleshooting.html).
    *   More general troubleshooting info can be found from [AWS](https://aws.amazon.com/premiumsupport/knowledge-center/vpn-cgw-vpg-traffic/).
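
The IP-overlap and policy-based checks above can be run offline against your planned ranges before you touch the device. The sketch below is an added example, not Acquia or AWS tooling: the CIDR values and tunnel names are constructed, and the rule that a selector's destination should fall within the VPC ranges is an assumption about a typical setup.

```python
import ipaddress

def net(cidr):
    # strict=False accepts "10.1.2.3/16" and normalises it to 10.1.0.0/16
    return ipaddress.ip_network(cidr, strict=False)

def overlapping_pairs(local_cidrs, vpc_cidrs):
    """Return (local, vpc) pairs whose address ranges intersect."""
    return sorted(
        (str(net(l)), str(net(v)))
        for l in local_cidrs for v in vpc_cidrs
        if net(l).version == net(v).version and net(l).overlaps(net(v))
    )

def policy_findings(tunnels, vpc_cidrs):
    """Check policy-based selectors: {tunnel: [(source, destination), ...]}."""
    findings = []
    for name, selectors in sorted(tunnels.items()):
        # One source and one destination per tunnel (single SA proposal).
        if len(selectors) != 1:
            findings.append(f"{name}: {len(selectors)} source/destination pairs, "
                            "only one is accepted per tunnel")
        for src, dst in selectors:
            # Assumption: the destination selector should point at the VPC.
            if not any(net(dst).overlaps(net(v)) for v in vpc_cidrs):
                findings.append(f"{name}: destination {net(dst)} is outside the VPC ranges")
            if net(src).overlaps(net(dst)):
                findings.append(f"{name}: source {net(src)} overlaps destination {net(dst)}")
    return findings

# Constructed sample values, not real Acquia or customer ranges.
VPC = ["10.20.0.0/16"]
LOCAL = ["192.168.10.0/24", "10.0.0.0/8"]
TUNNELS = {
    "tunnel1": [("192.168.10.0/24", "10.20.0.0/16")],
    "tunnel2": [("192.168.10.0/24", "10.20.0.0/16"),
                ("192.168.20.0/24", "10.20.0.0/16")],
    "tunnel3": [("10.20.5.0/24", "10.20.0.0/16")],
}

if __name__ == "__main__":
    for local, vpc in overlapping_pairs(LOCAL, VPC):
        print(f"overlap: local {local} and VPC {vpc}")
    for finding in policy_findings(TUNNELS, VPC):
        print(finding)
```

Replace `VPC`, `LOCAL` and `TUNNELS` with the ranges from your own configuration; an empty result from both functions means neither check found a problem.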

If you have checked the above information and it is correct, yet still need assistance, please provide the following troubleshooting information in a [Support ticket](/node/55832):

*   Ping between your internal network and a server within your Acquia Shield VPC.
    
        $ ping 52.29.81.245
        PING 52.29.81.245 (52.29.81.245): 56 data bytes
        64 bytes from 52.29.81.245: icmp_seq=0 ttl=39 time=174.301 ms
        64 bytes from 52.29.81.245: icmp_seq=1 ttl=39 time=177.961 ms
        64 bytes from 52.29.81.245: icmp_seq=2 ttl=39 time=174.609 ms
        
        --- 52.29.81.245 ping statistics ---
        3 packets transmitted, 3 packets received, 0.0% packet loss
        round-trip min/avg/max/stddev = 174.301/175.624/177.961/1.658 ms
    
*   Attempt a [traceroute](https://www.wikihow.com/Traceroute) from your network to a server within your Acquia Shield VPC.
*   Confirm with your network administrator that traffic is not blocked by any firewall rules. If possible, disable all firewall rules for a brief period of time to test the connection.
*   The VPN policy/configuration in use on your router/firewall.
*   Any network error logs with a timestamp and relevant timezone information, if not in UTC.
*   Screenshots of your configuration and/or network diagrams that you think may be helpful.