I have a CP gateway that has built two VPN tunnels to two branch offices, as below:
Main Office: FW01 (CP 6000), VPN domain is 172.17.0.0/24
Office A: FW02 (SMB 1595), VPN domain is 192.168.1.0/24
Office B: FW03 (3rd party GW), VPN domain is 192.168.1.3/24
Two star VPN communities were created:
VPN_Community_A: contains FW01 and FW02
VPN_Community_B: contains FW01 and FW03
Each gateway is managed separately.
After setup, the tunnels are up and the VPN works. However, we found that the VPN between FW01 and FW02 is sometimes unstable; it may drop a few packets each day. No such issue was found in the VPN between FW01 and FW03. We have checked all the settings, and all look fine.
The vpn tu tlist output shows ***Eclipsed*** and ***Narrow*** for the VPN tunnels between FW01 and FW02. According to sk166417, this is usually caused by a mismatch in the configuration of the VPN with the peer, particularly the "VPN Domain" section of both sides. We checked the VPN domain section several times and ensured there is no overlap or mismatch.
Since FW01's VPN domain is used in two VPN communities, is that causing the issue? Can't I use the same VPN domain in two different communities? Any hints will be appreciated.
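
One way to cross-check the VPN domains listed above for overlap, as an added example that is not part of the original post. It takes the three CIDRs exactly as written, masks off any host bits with Python's `ipaddress` module, and compares every pair of gateways; the function names are hypothetical, and how each gateway itself treats a domain written with host bits is not stated in the post.

```python
import ipaddress
from itertools import combinations

# VPN domains exactly as written in the post (gateway -> list of CIDRs).
VPN_DOMAINS = {
    "FW01": ["172.17.0.0/24"],
    "FW02": ["192.168.1.0/24"],
    "FW03": ["192.168.1.3/24"],
}


def normalize(cidr):
    """Return (network, had_host_bits); host bits are masked off."""
    net = ipaddress.ip_network(cidr, strict=False)
    had_host_bits = ipaddress.ip_interface(cidr).ip != net.network_address
    return net, had_host_bits


def host_bit_warnings(domains):
    """List (gateway, as_written, normalized) for CIDRs with host bits set."""
    out = []
    for gw in sorted(domains):
        for cidr in domains[gw]:
            net, dirty = normalize(cidr)
            if dirty:
                out.append((gw, cidr, str(net)))
    return out


def find_overlaps(domains):
    """Compare every pair of gateways; return (gw_a, net_a, gw_b, net_b)."""
    parsed = {gw: [normalize(c)[0] for c in cidrs]
              for gw, cidrs in domains.items()}
    hits = []
    for gw_a, gw_b in combinations(sorted(parsed), 2):
        for a in parsed[gw_a]:
            for b in parsed[gw_b]:
                # overlaps() is only meaningful within one IP version
                if a.version == b.version and a.overlaps(b):
                    hits.append((gw_a, str(a), gw_b, str(b)))
    return hits


if __name__ == "__main__":
    for gw, written, net in host_bit_warnings(VPN_DOMAINS):
        print(f"{gw}: {written} has host bits set, normalizes to {net}")
    for gw_a, a, gw_b, b in find_overlaps(VPN_DOMAINS):
        print(f"overlap: {gw_a} {a} <-> {gw_b} {b}")
```

Run against the real exported domain objects of each gateway, the same comparison shows whether two peers of FW01 claim the same address range.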