Why do IPSec tunnels with VTI affect each other?
-
Hi,
I have a Netgate XG-7100 with the latest updates. I have a couple of IPSec tunnels with VTI enabled, all from the same Netgate to different endpoints. Each IPSec tunnel has its own phase 1 settings with different configurations, and each phase 1 has its own phase 2 with different configurations. Each tunnel can be tested to be working, but when both tunnels are enabled they cause a disconnection in the other tunnel.
Any tips on what could cause this kind of behaviour?
Thanks a lot,
-Mika
-
If I remember right, you can't have two IPsec phase 1 connections to the same WAN endpoint. You can have many phase 2s but only one phase 1.
-
Actually I stand corrected. In the advanced setting for the Phase 1, there is a setting to allow multiple P1s.
Gateway Duplicates
Allows multiple phase 1 configurations to use the same remote endpoint address. Warning: This option also disables automatic static routes to the peer via specific WAN gateways. Traffic will follow the default route, not the selected tunnel interface, unless manual static routes redirect the traffic.
You'd need to have that option enabled and set up static routes.