abihsot__
Advisor

Protocol 50 (ESP) traversing GW does not reach destination

Hello,

R80.40 latest JHF

I have an issue where a CP gateway is in the middle between nodes establishing a site-to-site VPN tunnel. Access is opened as per requirements, but some tunnels go down and up sporadically. I was able to narrow it down to strange traffic for ESP. Comparing a working and a non-working tunnel, I find the following difference:

working:

[vs_0][ppak_0] x:id[44]: site1 -> site2_IP1 (50) len=204 id=44641

[vs_0][ppak_0] x:iD[44]: site1 -> site2_IP1 (50) len=204 id=44641

[vs_0][ppak_0] x:i[44]: site1 -> site2_IP1 (50) len=204 id=44641

[vs_0][ppak_0] x:I[44]: site1 -> site2_IP1 (50) len=204 id=44641

[vs_0][ppak_0] x:o[44]: site1 -> site2_IP1 (50) len=204 id=44641

[vs_0][ppak_0] x:O[44]: site1 -> site2_IP1 (50) len=204 id=44641

 

not working:

[vs_0][ppak_0] x:id[44]: site1 -> site2_IP2 (50) len=172 id=22516

[vs_0][ppak_0] x:iD[44]: site1-> site2_IP2 (50) len=172 id=22516

[vs_0][ppak_0] x:i[44]: site1-> site2_IP2 (50) len=172 id=22516

 

fw ctl zdebug + drop |grep "site1" doesn't reveal anything.

 

Any ideas, besides TAC, which is already involved?
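
As an added example (not part of the original post and not Check Point tooling): a small Python script that groups capture lines of the shape shown above by IP id and reports the last capture point each packet reached. The function names are hypothetical, and the reference chain is an assumption taken from the working tunnel's output in the post.

```python
import re

# Matches lines in the shape shown in the post, e.g.
# [vs_0][ppak_0] x:iD[44]: site1 -> site2_IP1 (50) len=204 id=44641
LINE_RE = re.compile(
    r"\[vs_\d+\]\[\w+\]\s+\S+?:(?P<point>[A-Za-z]+)\[\d+\]:\s+"
    r"(?P<src>\S+?)\s*->\s*(?P<dst>\S+)\s+\((?P<proto>\d+)\)\s+"
    r"len=\d+\s+id=(?P<ipid>\d+)"
)

# Sample input: the capture lines quoted in the post (anonymized by the poster).
SAMPLE = """\
[vs_0][ppak_0] x:id[44]: site1 -> site2_IP1 (50) len=204 id=44641
[vs_0][ppak_0] x:iD[44]: site1 -> site2_IP1 (50) len=204 id=44641
[vs_0][ppak_0] x:i[44]: site1 -> site2_IP1 (50) len=204 id=44641
[vs_0][ppak_0] x:I[44]: site1 -> site2_IP1 (50) len=204 id=44641
[vs_0][ppak_0] x:o[44]: site1 -> site2_IP1 (50) len=204 id=44641
[vs_0][ppak_0] x:O[44]: site1 -> site2_IP1 (50) len=204 id=44641
[vs_0][ppak_0] x:id[44]: site1 -> site2_IP2 (50) len=172 id=22516
[vs_0][ppak_0] x:iD[44]: site1-> site2_IP2 (50) len=172 id=22516
[vs_0][ppak_0] x:i[44]: site1-> site2_IP2 (50) len=172 id=22516
""".splitlines()

# Assumption: the working tunnel's chain is the reference for a transit packet.
EXPECTED = ["id", "iD", "i", "I", "o", "O"]

def trace_packets(lines):
    """Group lines by (src, dst, proto, IP id); keep capture points in order seen."""
    packets = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore anything that is not a capture line
        key = (m["src"], m["dst"], int(m["proto"]), int(m["ipid"]))
        packets.setdefault(key, []).append(m["point"])
    return packets

def incomplete(packets, expected):
    """Return {key: (last point seen, missing points)} for packets short of the chain."""
    result = {}
    for key, points in packets.items():
        missing = [p for p in expected if p not in points]
        if missing:
            result[key] = (points[-1], missing)
    return result

if __name__ == "__main__":
    for key, (last, missing) in incomplete(trace_packets(SAMPLE), EXPECTED).items():
        print(f"{key}: last seen at '{last}', never reached {missing}")
```

Run over a longer capture, this lists every ESP packet that stops partway through the chain, which makes it easier to see whether the loss is tied to one peer IP or to all traffic.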
