topic Re: S2S VPN 2 VRs not working in General Topics

S2S VPN 2 VRs not working

Pantelis — Thu, 12 May 2022 14:00:04 GMT

Hello,

I have an external IP /30 network. I also have another external IP /28.

I have created 2 VRs (with their ZONES).

VR1 is the main router with the /30 IP used for Internet connection.

VR2 is the second router (the one I just created)

I assigned one of the /28 IP to the second VR. When I terminate a S2S vpn (from another PA Box) to this IP(/28) the IPSEC tunnel is up but there is no inbound interesting traffic .

There is outbound traffic, the other site tries to reply to the ping request but no incoming traffic is captured on the box I have the problem(no drops, no nothing).

On the other side there both in/out bound traffic.

When I terminate the S2S tunnel with the /30 IP (eventhough the tunnel is assigned to a zone on the second VR) the IPSEC tunnel is working as expected.

Any suggestion/thoughts

Thank you in advance

Re: S2S VPN 2 VRs not working

OtakarKlier — Thu, 12 May 2022 16:26:49 GMT

Hello,

My guess would be asymmetric routing. Any reason you are using 2 VR's? Just asking since I usually like to keep things simple.

Regards,

Re: S2S VPN 2 VRs not working

Pantelis — Mon, 16 May 2022 09:48:45 GMT

That was my initial though but there is no other device between the 2 boxes...

The first one is sending paccket, second is accepting them and replies.

But no replies on the first one (no drops no nothing) I will keep on searching.

In any case is this a valid approach (assuming that is done correctly should it be working)?

The reason is the integration of 2 networks (one is quite sensitive). I want to have different routing table for each VR...