Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN Issues and odd SADs and SPDs

    Scheduled Pinned Locked Moved
    IPsec
    1
    1
    61
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      ssweeney
      last edited by

      Good afternoon,

      I have configured a site-to-site VPN tunnel with a client with two IPs of interesting traffic, we'll call my side, MyIPA and MyIPB. The VPN tunnel will come up but I only see the MyIPB rule under Status > IPsec. When they try and send traffic I can see it under a packet capture but never see a response go back to them. I am currently reviewing that problem but stumbled across the following:

      When I look at the SADs everything looks okay. When I look at the SPDs I see a duplication of the rows I would expect for both "Inbound" and "Outbound" Directions.

      Going back to the interesting traffic, I defined the rules as:

      MyIPA is allowed to talk with YourIPA
      MyIPB is allowed to talk with YourIPB

      And I would expect both Inbound and Outbound to have two rows indicating the above. Instead, I have 4 rows for Inbound and 4 for Outbound, stating:

      Source Destination
      MyIPA YourIPA
      MyIPA YourIPB
      MyIPB YourIPA
      MyIPB YourIPB

      When I was on a call with the client, (Cisco FW), yesterday, it sounded like they grouped their rules such that our IPs could talk to both of theirs where I specifically defined the relations.

      Could this be causing the SPD observation and could that be part of the problem?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post