troubleshooting ipsec with dynamic side


L3 Networker

Hello, everyone,

Currently I have a problem building an IPSec tunnel between a PA200 (A) and a PA220 (B).
My side A has a Telekom hybrid Internet connection (it's a German product with LTE and cable connection) to a Speedport router. Thus it has only one dynamic official IP.
The other side, B, is a normal company connection with a fixed IP address. I have configured my tunnel so that only side A is allowed to start the tunnel (passive mode is enabled on side B).

If I now start the tunnel on side A, I also see in the monitoring on side B the IKE requests on port 500 for port 500. Unfortunately, nothing further happens then, and side A then shows "Failed due to timeout".
You can also see that side A transmits data but does not receive any data.
What could that be? What is the best way to narrow down the problem?


L0 Member

Hi,

Have you configured Proxy-IDs? If the PA wants to establish an IPSec tunnel with a non-PA device, we need to configure them because of the route-based approach.

Cyber Elite

Hello,

I have sites with multiple VPNs and I think I understand what you are trying to accomplish. You want all traffic to go down TunnelA as primary with TunnelB as secondary? If yes, set up the tunnels the same, with settings on both. Both tunnels will be up at the same time; this is OK. Then control traffic with routing, either static routes with monitors and weights or OSPF with metrics.

Hope that helps.
