Hello all!
My problem is that the actual Phase 1 and 2 tunnel are going with the right cluster IP-address as source (1.1.1.1), VPN tunnel gets established. But the actual ESP packets get a source of the another physical interface (eth2.517 2.2.2.2), and traffic is not reaching Azure network from on-prem network.
I have TAC case created, which is already a third case, but we are not getting anywhere. So maybe anyone have any idea what could be wrong.
Setup:
Check Point on-prem:
eth1 - 1.1.1.1 - DMZ VPN IP in Link Selection (the IP that is supposed )
eth2.517 - 2.2.2.2 - External IP looking towards ISP Provider
Fortigate in Azure:
3.3.3.3 - Fortigate External IP
SXL for this VPN is off.
1.1.1.1. is also configured as outgoing source IP address.
Current route towards Fortigate in Azure points to the gateway of interface eth2.517 (2.2.2.3)
Tried to add a route via interface eth1, but it didn't make a difference.
tcpdump:
11:00:26.728559 IP 3.3.3.3.4500 > 1.1.1.1.4500: isakmp-nat-keep-alive
11:00:27.064264 IP 1.1.1.1.4500 > 3.3.3.3.4500: NONESP-encap: isakmp: phase 2/others ? #37
11:00:27.064266 IP 1.1.1.1.4500 > 3.3.3.3.4500: NONESP-encap: isakmp: phase 2/others ? #37
11:00:27.064267 IP 1.1.1.1.4500 > 3.3.3.3.4500: NONESP-encap: isakmp: phase 2/others ? #37
11:00:27.080591 IP 3.3.3.3.4500 > 1.1.1.1.4500: NONESP-encap: isakmp: phase 2/others ? #37[]
11:00:28.749675 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x1), length 104
11:00:28.749677 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x1), length 104
11:00:28.749677 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x1), length 104
11:00:33.389009 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x2), length 104
11:00:33.389011 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x2), length 104
11:00:33.389011 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x2), length 104
11:00:36.680128 IP 3.3.3.3.4500 > 1.1.1.1.4500: isakmp-nat-keep-alive
11:00:38.406597 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x3), length 104
11:00:38.406598 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x3), length 104
11:00:38.406599 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x3), length 104
11:00:43.403640 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x4), length 104
11:00:43.403641 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x4), length 104
11:00:43.403642 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x4), length 104
11:00:46.631720 IP 3.3.3.3.4500 > 1.1.1.1.4500: isakmp-nat-keep-alive
11:00:48.395170 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x5), length 104
11:00:48.395171 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x5), length 104
11:00:48.395172 IP 2.2.2.2.4500 > 3.3.3.3.4500: UDP-encap: ESP(spi=0x828309d1,seq=0x5), length 104
fw monitor:
[vs_0][fw_0] bond12.517:i9 (tcpt inbound)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i10 (IP Options Strip (in))[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i11 (vpn multik forward in)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i12 (vpn decrypt)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i13 (l2tp inbound)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i14 (Stateless verifications (in))[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i15 (fw multik misc proto forwarding)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i16 (vpn tagging inbound)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i17 (vpn decrypt verify)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:i18 (fw VM inbound )[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I19 (vpn policy inbound)[44]: 3.3.3.3 -> 1.1.1.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I20 (fw SCV inbound)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I21 (vpn before offload)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I22 (fw offload inbound)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I23 (fw post VM inbound )[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I24 (fw accounting inbound)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I25 (RTM packet in)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I26 (passive streaming (in))[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I27 (TCP streaming (in))[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I28 (IP Options Restore (in))[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I29 (Cluster Late Correction)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:I30 (Chain End)[44]: 3.3.3.3 -> 10.97.15.1 (UDP) len=256 id=16574
[vs_0][fw_0] bond12.517:o0 (IP Options Strip (out))[44]: 10.97.15.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o1 (vpn multik forward out)[44]: 10.97.15.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o2 (vpn nat outbound)[44]: 10.97.15.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o3 (TCP streaming (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o4 (passive streaming (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o5 (vpn tagging outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o6 (Stateless verifications (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o7 (fw VM outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O8 (fw post VM outbound )[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O9 (vpn policy outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O10 (l2tp outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O11 (vpn encrypt)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O12 (RTM packet out)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O13 (tcpt outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O14 (fw accounting outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O15 (TCP streaming post VM)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O16 (IP Options Restore (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O17 (Cluster Local Correction)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:O23 (Chain End)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24707
[vs_0][fw_0] bond12.517:o0 (IP Options Strip (out))[44]: 10.97.15.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o1 (vpn multik forward out)[44]: 10.97.15.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o2 (vpn nat outbound)[44]: 10.97.15.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o3 (TCP streaming (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o4 (passive streaming (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o5 (vpn tagging outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o6 (Stateless verifications (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:o7 (fw VM outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O8 (fw post VM outbound )[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O9 (vpn policy outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O10 (l2tp outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O11 (vpn encrypt)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O12 (RTM packet out)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O13 (tcpt outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O14 (fw accounting outbound)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O15 (TCP streaming post VM)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O16 (IP Options Restore (out))[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O17 (Cluster Local Correction)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_0] bond12.517:O23 (Chain End)[44]: 1.1.1.1 -> 3.3.3.3 (UDP) len=384 id=24708
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=34433
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=19101
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=64551
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=52696
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=59551
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=16177
[vs_0][fw_3] bond12.517:OE25 (encrypt - after)[44]: 2.2.2.2 -> 3.3.3.3 (UDP) len=132 id=35105