
XG 18.0.1 Virtual-VMware IPsec Routing-Based VTI interfaces disabled

In a VMware-based virtual XG with SFOS 18.0.1 with an SFV4C6 (4 CPU, 6 GB RAM) license we have a series (23) of routing-based IPsec VPNs to different customers' physical XGs.

The IPsecs are working without problems... except the last two we created.

Both from brand new XG 106 with SFOS 18.0.1. 

Those two tunnels regularly lose connection.

The underlying IPsec connections are still active.

On the customer's side the VTI interfaces show "connected" status.

But on the virtual XG side both VTI interfaces show "disabled"

Traffic still flows through the tunnel. I can see packets coming through the VPN but they show as coming through the WAN interface, not the VTI.

As the VTI is "disabled" the routings back to the customer don't work and also the firewall rules don't work and the packets are blocked by "rule 0"

Strangely, it is just these last two connections that show the problem. The tunnels and underlying rules have been created exactly as all the rest.

The IPsec policies are the same as for all the other connections.

The routings are static routings.

Any idea what might be going wrong?



This thread was automatically locked due to age.
  • Hello,

    I had the issue with the VTI interface that was in a disabled state even if the tunnel was up.

    I have seen that I misconfigured another RB VPN tunnel which was using the same remote peer IP address. Once I deleted the conflicting RBVPN and disabled/re-enabled the other RBVPN, the associated VTI changed to connected status.
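
A way to check for the conflict described in the reply above, as an added example that is not part of the thread and not Sophos code: it scans a connection inventory for route-based tunnels that share a remote peer. The CSV columns (`name`, `type`, `remote_gateway`), the `tunnel-interface` type label and all sample rows are assumptions constructed for illustration, not an SFOS export format.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed inventory with hypothetical columns; addresses are documentation ranges.
SAMPLE = """name,type,remote_gateway
cust-a-vti,tunnel-interface,198.51.100.10
cust-b-vti,tunnel-interface,203.0.113.7
cust-b-old,tunnel-interface, 203.0.113.7
cust-c-s2s,site-to-site,203.0.113.7
cust-d-vti,tunnel-interface,2001:db8::1
cust-d-test,tunnel-interface,2001:0db8:0000:0000:0000:0000:0000:0001
cust-e-vti,tunnel-interface,vpn.example.net
"""


def normalize_peer(value):
    """Return a canonical key for a remote gateway (IP literal or hostname)."""
    value = value.strip()
    try:
        # Collapses equivalent spellings, e.g. expanded vs. compressed IPv6.
        return str(ipaddress.ip_address(value))
    except ValueError:
        # Not an IP literal: treat as a hostname, compared case-insensitively.
        return value.lower().rstrip(".")


def find_peer_conflicts(csv_text, rb_type="tunnel-interface"):
    """Map each remote peer shared by several route-based tunnels to their names."""
    by_peer = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only route-based (VTI) connections are compared, as in the reply.
        if row["type"].strip() != rb_type:
            continue
        peer = normalize_peer(row["remote_gateway"])
        by_peer[peer].append(row["name"].strip())
    return {peer: names for peer, names in by_peer.items() if len(names) > 1}


if __name__ == "__main__":
    for peer, names in sorted(find_peer_conflicts(SAMPLE).items()):
        print(f"{peer}: {', '.join(names)}")
```

Hostname gateways are compared by name only, so two different names that resolve to the same address are not detected.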