Last updated:

Verify the VPN Tunnel

A configured router added to a session will establish a VPN tunnel to Cisco dCloud automatically when your session is active. This process is typically transparent and reliable. In situations where you are unsure if the VPN tunnel is established or for additional information when troubleshooting, use the steps in this document.


Before you can troubleshoot your VPN tunnel, ensure that you have met the follow pre-requisites:

  • You added your router to a session when you scheduled the session or after the session became active.
  • Your session is active.

Testing Connectivity

  1. Using a straight through Ethernet cable, connect the Wired Client to an available port on the router. This will vary by router model; however, all routers recommended for use with Cisco dCloud will have an available port.

Screenshot showing how to connect the ethernet cables to the back of an 819W router

  1. Configure the Ethernet port on the Wired Client to receive its IP address via DHCP.
  2. Confirm that the Wired Client has received an IP address.
  3. From the Wired Client, browse to to access the Cisco dCloud UI and log in with your credentials.
  4. Use the Bandwidth Test to verify that the port needed for VPN connectivity (TCP 443) is not blocked at your site.
  5. From the Wired Client, ping AD1 at This ping should be successful.
  6. From the Wired Client, Telnet to the router at You will not be prompted to login.
  7. Use the following commands to verify the state of the VPN tunnel.• show crypto isakmp sa – should show a state of QM_IDLE.• show crypto ipsec client ezvpn – should show a state of IPSEC ACTIVE

Screenshot of the VPN verification commands and their output

  1. If the VPN tunnel is not up, issue a ping to AD1 sourced from VLAN 10.

Screenshot showing the output from pinging AD1 from VLAN 10