Change request for SFOS 18: Diagnose, Tools, Ping through VTI tunnel

I was wondering if in one of the next MRs in SFOS 18 it was possible to include one or both of the following changes:

  • Including the VTI interfaces in the pull-down menu options for PING diagnose*
  • When pinging with an internal interface, letting the ping go through the routing tables including routing through VTI interfaces*

* In policy-based IPsec it is possible to configure system-traffic to go through the IPsec. When these settings are correct, then a ping from the LAN to an address configured in the system-traffic rules is routed through the IPsec.
With VTI IPsec, this doesn't work. Although system traffic (i.e. DNS, Authentication) is correctly routed through the IPsec, the diagnostic ping cannot be used to verify the correct working of the routings/firewall rules for this kind of tunnel.
As the system traffic requests originate from the VTI interface IP, it would be nice to have this interface available as a source of diagnostic pings. Also it would be nice to be able to test the entire routing/firewall configuration with a ping from the internal interface/network.


