Resolve Network Tunnel Inactivity On Umbrella Dashboard

Available Languages

Download Options

  • PDF     (122.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (197.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (151.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 7, 2025
Document ID:225158

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to troubleshoot network tunnels showing as inactive on the Umbrella Dashboard.

    Problem

    After adding network tunnels, the tunnels appear on the Umbrella Dashboard as inactive.

    Troubleshoot

    1. Enable logging for the default Cloud-Delivered Firewall (CDFW) policy to activate network tunnels. Your network tunnels only show as "active" if logging for the default Cloud-Delivered Firewall (CDFW) policy is enabled:

    Umbrella Dashboard360062629451

    2. If logging is enabled, run this command on the router where the network tunnels are configured:

    show crypto ikev2 sa

    Ensure that the source IP address is an internal IP address from the user network as per RFC 1918. Check your configuration according to this guide: Network Tunnel Configuration. If the error continues, please create a ticket with the show crypto ikev2 sa command along with the CDFW logs to our Support Team for assistance.

    Revision History

    Revision Publish Date Comments
    1.0
    07-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Shannon Johnson
      Technical Education Content Developer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products