Hello,
After installing a second WAN interface (with a static IP address) on an ASG 220 (6.303), I want to use it for IPSec-based VPN connections. The installed tunnels are all up (green lights in IPSec Connection Status).
But the only tunnel that passes traffic is set up as follows:
ASG220 (2nd WAN) - Internet - Router - Lancom 1811
All other tunnels without a router between the Lancom 1811 and the Internet do not pass any traffic (ASG220 (2nd WAN) - Internet - Lancom 1811).
I set up 2 policy routes for UDP 500 and UDP 4500 from 2nd WAN (source interface) to 2nd WAN gateway (target) for ANY source and ANY destination.
tcpdump shows that an incoming ping request from the Lancom 1811 receives a reply, but this seems to end at the 2nd WAN interface:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type EN10MB (Ethernet), capture size 96 bytes
17:24:31.738877 00:12:ef:20:75:a2 > 00:10:f3:0b:cf:f0, ethertype IPv4, length 98: IP 10.232.101.1 > 10.100.2.3: icmp 64: echo request seq 0
17:24:31.739355 00:10:f3:0b:cf:f0 > 00:10:f3:0b:cf:f0, ethertype IPv4, length 98: IP 10.100.2.3 > 10.232.101.1: icmp 64: echo reply seq 0
00:12:ef:20:75:a2 is the MAC address of the 2nd WAN gateway.
asg01:/root # tcpdump -e -i eth3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 96 bytes
17:27:01.325714 00:12:ef:20:75:a2 > 00:10:f3:0b:cf:f0, ethertype IPv4, length 166: IP p******x.dip0.t-ipconnect.de > asg01: ESP(spi=0x8cf14b3b,seq=0x8)
17:27:01.327207 00:10:f3:0b:cf:f0 > Broadcast, ethertype ARP, length 42: arp who-has p******x.dip0.t-ipconnect.de tell asg01
17:27:02.289444 00:12:ef:20:75:a2 > 00:10:f3:0b:cf:f0, ethertype IPv4, length 166: IP p******x.dip0.t-ipconnect.de > asg01: ESP(spi=0x8cf14b3b,seq=0x9)
Using the 1st WAN interface with the default gateway works for all tunnels.
What's wrong here?
Thank you for your help.
Wolfgang
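An added diagnostic script (my own, not from the post or from Astaro/Sophos) that parses the tcpdump -e lines quoted above and flags the pattern they show: ESP arriving from the gateway's MAC for a peer, followed by the firewall ARPing for that peer's address itself. A host only ARPs for a destination it considers on-link, so this is the check to run when ESP arrives but the reply never leaves the interface; note that ESP is IP protocol 50, which policy routes keyed on UDP 500/4500 do not match. Assumes Python 3; the sample lines are constructed from the capture in the post.

```python
import re
from typing import Dict, List

# Constructed sample: the three "tcpdump -e -i eth3" lines quoted in the post.
# tcpdump was run without -n, so the peer appears as a resolved hostname.
SAMPLE_DUMP = """\
17:27:01.325714 00:12:ef:20:75:a2 > 00:10:f3:0b:cf:f0, ethertype IPv4, length 166: IP p******x.dip0.t-ipconnect.de > asg01: ESP(spi=0x8cf14b3b,seq=0x8)
17:27:01.327207 00:10:f3:0b:cf:f0 > Broadcast, ethertype ARP, length 42: arp who-has p******x.dip0.t-ipconnect.de tell asg01
17:27:02.289444 00:12:ef:20:75:a2 > 00:10:f3:0b:cf:f0, ethertype IPv4, length 166: IP p******x.dip0.t-ipconnect.de > asg01: ESP(spi=0x8cf14b3b,seq=0x9)
"""

# Inbound ESP (IP protocol 50) with link-layer addresses: time, src MAC, dst MAC, peer, local, SPI.
ESP_RE = re.compile(
    r"^(\S+) (\S+) > (\S+), ethertype IPv4, .*: IP (\S+) > (\S+): ESP\(spi=(0x[0-9a-f]+)")
# The firewall asking on the wire who owns an address: time, asking MAC, target, asker.
ARP_RE = re.compile(
    r"^(\S+) (\S+) > \S+, ethertype ARP, .*: arp who-has (\S+) tell (\S+)")


def find_onlink_peers(dump: str) -> List[Dict[str, str]]:
    """Flag IPsec peers whose ESP arrived via a gateway MAC (in the post,
    00:12:ef:20:75:a2 is the 2nd WAN gateway) but which the firewall later
    ARPs for directly, i.e. treats as on-link instead of routing via that gateway."""
    seen_esp: Dict[str, Dict[str, str]] = {}   # peer -> details of last inbound ESP
    findings: List[Dict[str, str]] = []
    for line in dump.splitlines():
        m = ESP_RE.match(line)
        if m:
            ts, src_mac, _dst_mac, peer, local, spi = m.groups()
            seen_esp[peer] = {"gw_mac": src_mac, "local": local, "spi": spi, "ts": ts}
            continue
        m = ARP_RE.match(line)
        if m and m.group(3) in seen_esp:
            ts, _our_mac, target, _asker = m.groups()
            info = seen_esp[target]
            findings.append({
                "peer": target,
                "gw_mac": info["gw_mac"],
                "spi": info["spi"],
                "note": (f"ESP {info['spi']} from {target} arrived via {info['gw_mac']}, but at {ts} "
                         f"the firewall ARPed for {target} itself: the peer is treated as on-link, so "
                         "return ESP (protocol 50, not matched by UDP 500/4500 policy routes) "
                         "is not sent to the gateway"),
            })
    return findings


if __name__ == "__main__":
    for finding in find_onlink_peers(SAMPLE_DUMP):
        print(finding["note"])
```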