
Massive connectivity issues when sending all traffic through VPN Tunnel

I'm working with Support on troubleshooting a Site-To-Site VPN Tunnel where one XG sends ALL traffic to the other end and uses that main XG for internet access and filtering etc. Users started complaining at the remote site that they have random weird issues with web based apps and sites that they can't use. E.g. WebEx. We turned off any sort of filtering but the issues persist.

I built a new tunnel between two other XGs and tested the same setup where only one PC is supposed to be routed through the VPN for ALL traffic. It causes issues for all devices in that site. Our phones went offline, random apps stop working etc. even though it's only supposed to affect one device.

Wondering if anyone is using XGs for this purpose and has experienced anything similar?



  • Hi  

    Would it be possible to please PM me with your support case number ID for follow up?

    You can also use the command "ip route get <ip>" on the CLI of your test XGs (where you've attempted to configure the same setup), to figure out which gateway is used for routing. This would assist in confirming your routing behavior and why all of your devices point to the VPN/remote XG as its gateway.

    Best,

  • VPN disabled:

    XG105_XN02_SFOS 17.0.6 MR-6# ip route get 8.8.8.8
    8.8.8.8 via 98.171.188.1 dev Port2  src 98.171.188.126
        cache

    VPN enabled:

    XG105_XN02_SFOS 17.0.6 MR-6# ip route get 8.8.8.8
    8.8.8.8 dev ipsec0  src 172.16.16.1
        cache

    Not sure how to test this for a specific source IP, but looks like the routing changes when the tunnel comes up.

    Considering that the VPN is set up as shown below, it doesn't really make sense unless the routing table is built by looking at the remote subnet only without considering the source at the same time.
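
Added example, not part of the thread or of Sophos' tooling: without a `from` selector, `ip route get` answers for traffic the firewall itself originates (note the `src 172.16.16.1` above), so a per-host check needs iproute2's `from <src> iif <lan-if>` form. The script below runs that lookup and flags any host whose egress device does not match what was intended. The LAN interface `Port1`, the host addresses, and the availability of `from`/`iif` on the XG shell are assumptions.

```sh
#!/bin/sh
# Added example: per-source route check built around `ip route get`.
# Assumptions (not from the thread): LAN interface name, host addresses,
# and that the appliance shell accepts the `from` and `iif` selectors.

TUNNEL_DEV="ipsec0"   # tunnel device name as it appears in the thread's output

# Print the egress device named in one line of `ip route get` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify SRC INTENDED OUTPUT
#   INTENDED is "yes" when SRC is supposed to use the tunnel, otherwise "no".
#   Prints "OK ..." when the lookup agrees, "MISROUTED ..." when it does not.
classify() {
    dev=$(egress_dev "$3")
    if [ "$dev" = "$TUNNEL_DEV" ]; then actual=yes; else actual=no; fi
    if [ "$actual" = "$2" ]; then
        echo "OK $1 via $dev"
    else
        echo "MISROUTED $1 via $dev"
    fi
}

# lookup DST SRC LAN_IF
#   Route lookup for a forwarded packet from SRC arriving on LAN_IF.
lookup() {
    ip route get "$1" from "$2" iif "$3" 2>/dev/null | head -n 1
}

# On the firewall (constructed addresses; .50 is the one PC meant to be tunnelled):
#   classify 172.16.16.50 yes "$(lookup 8.8.8.8 172.16.16.50 Port1)"
#   classify 172.16.16.60 no  "$(lookup 8.8.8.8 172.16.16.60 Port1)"
```

A `MISROUTED` line for a host that should stay on the local WAN is the destination-only behaviour suspected above; the route lookup alone does not show IPsec policy selectors, so an `OK` result still needs confirming against the tunnel's local/remote subnet definitions.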