Hi,
We are setting up an IPsec VPN tunnel between two sites.
The tunnel comes up successfully: both the IKE and IPsec SAs are established.
But for some reason we can't pass any traffic over it.
Can you help us figure out what we are overlooking?
Config:
show vpn
/* IPsec site-to-site configuration as pasted from `show vpn` (indentation was lost in the paste). */
/* One peer with seven tunnels; every tunnel uses ike-group FOO0 and esp-group FOO0. */
ipsec {
/* NOTE(review): this option is expected to create the firewall-accept and NAT-exclusion rules */
/* for the tunnel prefixes automatically. With SAs up but no traffic, verify on the device that */
/* those rules exist and that no source-NAT/masquerade rule matches the traffic first. */
auto-firewall-nat-exclude enable
/* Phase 2 (ESP) proposal: AES-256 with SHA-1 integrity. SHA-1 is a legacy choice; */
/* sha256 or stronger is preferable when the peer supports it. No pfs setting is visible, */
/* so whether forward secrecy applies depends on the platform default - TODO confirm. */
esp-group FOO0 {
proposal 1 {
encryption aes256
hash sha1
}
}
/* Phase 1 (IKE) proposal. dh-group 2 is the 1024-bit MODP group, generally considered too weak */
/* for new deployments; dh-group 14 (2048-bit) or higher is preferable. Any change must be made */
/* on both peers at the same time, otherwise negotiation fails. */
ike-group FOO0 {
proposal 1 {
dh-group 2
encryption aes256
hash sha1
}
}
/* IPsec is enabled on eth0 only. */
ipsec-interfaces {
interface eth0
}
/* Together with nat-traversal, 0.0.0.0/0 places no restriction on the private networks */
/* accepted from peers behind NAT; narrow it to the expected ranges if they are known. */
nat-networks {
allowed-network 0.0.0.0/0 {
}
}
nat-traversal enable
site-to-site {
/* Remote peer; the address was partially redacted by the poster. */
peer 91.x.x.x {
/* Pre-shared-key authentication; the secret is redacted in this post. */
/* The PSK is the only peer authentication here, so it should be long and random. */
authentication {
mode pre-shared-secret
pre-shared-secret xxxxxxxxxxxxxxxxxxxxx
}
/* This side initiates the connection. */
connection-type initiate
description xxx
ike-group FOO0
local-address 109.x.x.x
/* Each tunnel below is one local/remote prefix pair (policy-based IPsec). */
/* The peer needs the mirror-image pair for every tunnel, and only packets with a source in */
/* 172.26.255.0/24 and a destination in the listed remote prefix are selected for encryption; */
/* traffic sourced from the router's own WAN address will not match. */
tunnel 1 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 172.16.9.0/24
}
}
tunnel 2 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 172.16.200.0/24
}
}
tunnel 3 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 10.230.130.0/24
}
}
tunnel 4 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 10.230.140.0/24
}
}
tunnel 5 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 10.230.1.0/24
}
}
/* Tunnels 6 and 7 select single remote hosts (/32) rather than subnets. */
tunnel 6 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 172.16.57.26/32
}
}
tunnel 7 {
esp-group FOO0
local {
prefix 172.26.255.0/24
}
remote {
prefix 172.16.59.20/32
}
}
}
}
}
`show vpn ike sa` does not seem to be available on the Edge; is there any other way to check this?